Hey Christian,indeed, several Mailclients (and it seems also SOGo) have issues when the sender-address ist not 'exatly' the same as in the certificate. And with 'exactly' I also means uppercase/lowercase letters in the certificate.
I had the same problem a while ago with Thunderbird. regards JuergenAm 24.02.22 um 11:57 schrieb "Christian Setzer (HaW Augsburg)" (christian.set...@hs-augsburg.de):
Hi Frank, thanks for your feedback and check.I was doing some research here and came to the following observation / conclusion:By default, my account was getting the email adress with uppercase letters e.g. Name.Surname@... When i changed it all to lowercase directly in the ldap, i was able to send it.So it seems to be an upper lower case related issue when comparing the account email adress with the email adress in the certificate.Am i right in presuming that your email adress whas/is all in lowercase (by default)?Greetings, ChriS. P.S.I can confirm that email addresses in the SAN are not visible in Preferences > Mail > IMAP Accounts > Edit > Security. With the fix for issue #5440 SAN email addresses became visible only when viewing signed messages.Would this be "interesting enough" to add it to a wishlist? If so, is there a list apart from the bts bugtracker or would that be the place to "make a wish", so to say?On 23.02.22 14:36, "Frank Schmirler" (s...@schmirler.de) wrote:Hi Christian,I'm also running 5.5.1 and have no problems sending signed messages, provided the sender address is really part of the certificate. Please double check that. I Tried with both, a certificate with the email address in SAN only (like yours) and a certificate with the email address in DN and SAN.I can confirm that email addresses in the SAN are not visible in Preferences > Mail > IMAP Accounts > Edit > Security. With the fix for issue #5440 SAN email addresses became visible only when viewing signed messages.Best regards, FrankAm Mittwoch, 23. Februar 2022 10:57 CET, schrieb "Christian Setzer | Hochschule Augsburg" (christian.set...@hs-augsburg.de) <users@sogo.nu>:sorry ... hereby with the attachments ... :P ChriS. -------- Forwarded Message --------Subject: sogo webclient - send signed email error - sender address notin certificate Date: Wed, 23 Feb 2022 10:41:12 +0100 From: Christian Setzer | Hochschule Augsburg <christian.set...@hs-augsburg.de> Organization: Hochschule für angewandte Wissenschaften Augsburg To: users@sogo.nu Hello all together! As i am not sure if it is or was a reported bug already, i will try this channel first, although i couldn't find anything on the same topic. It seems to me that it could be related to the issues #5407 and #5440 in the SOGo BTS and the "fix(mail): check if smime certificate matches sender address". Currently, we cannot send signed messages using the sogo web client. (actually using version 5.5.1) Before sending, there appears to be a check of the valid certificate and it runs into an error: "The message can't be signed because the sender address is not included in the certificate associated to the mail account." See attachment: "SogoWebErrorMessageSignedSenderAddressNotInCert.jpg" If i recall it correctly, we had no issues sending signed email until version 5.2, before the change in version 5.3 where the check was added. Then, we had the issue with the warning when receiving signed messages as shown in bug #5440, which disappeared with the upgrade on 5.4. "Message is signed but the certificate (name surname) doesn't match the sender email address" Finally, we upgraded to 5.5.1 and hoped the sending signed error would disappear, but it didn't. When i go to Preferences > Mail > IMAP Accounts > Edit > Security and open the view of the certificate, i can only see the parts Subject Name and Issuer. But the SAN / E-Mail-Address is not shown / visible. See attachment: "SogoWebSecurityViewCertDetails.jpg" My questions would be: Could anyone observe the same issue? What could be the origin, if it is likely to be a more personal issue? If others can observe it to, should i place it in the SOGo BTS? Thanks and greetings, ChriS. -- Christian Setzer Rechenzentrum (Computer Center & IT Services)HOCHSCHULE für angewandte Wissenschaften AUGSBURG (University of Applied Sciences)--
-- /¯\ No | \ / HTML | Juergen Bruckner X in | juergen@bruckner.email / \ Mail |
smime.p7s
Description: S/MIME Cryptographic Signature