[kdepim-users] KMail and X.509

Andreas Petzold Andreas.Petzold at mailbox.tu-dresden.de
Wed Sep 3 09:38:38 BST 2008


>> BTW, what is the problem/error message?
>> Here are a few hints that I hope will help you to find/fix whatever is
>> broken:
>> * is gpg-agent running?
>> * are you able to validate your cert in kleopatra?
>> * have a look at kwatchgnupg, it will help you to determine the actual
>> error, if all you get is "...failed. General Error"
> Yes, indeed. I get an "General Error".
> The gpg-agent is running and working. I'm using PGP/MIME with KMail and that
> is working just fine. My only problem right now are X.509/SMIME   
> mails. I'm not
> exactly sure what you mean by "validate in kleopatra" but I did import my
> Certificate, private Key and the root Certificate (CACert) into Kleopatra and
> Konqueror (just in case that makes a difference) and they are shown   
> as valid in
> the Certificate View.

by "validate in kleopatra" I mean, if you mark you cert and press  
Shift-F5 is your cert shown as valid? First you may want to change the  
color settings so you can actually see, if a cert is found to be valid  
or not. IIRC the default color setting is not a good choice.

> KWatchGnuPG gives me some output but I'm not sure what is means.

>   6 - 2008-09-03 09:08:27 gpgsm[14281]: DBG: connection to dirmngr   
> established
>   6 - 2008-09-03 09:08:27 gpgsm[14281]: certificate #4F9F/CN=CAcert Class 3
> Root,OU=http://www.CAcert.org,O=CAcert Inc.
>   6 - 2008-09-03 09:08:27 gpgsm[14281]: Die CRL konnte nicht geprüft werden:
> Konfigurationsfehler [The CRL couldn't be verified: Configuration error]
>   6 - 2008-09-03 09:08:27 gpgsm[14281]: Benutztes Gültigkeitsmodell: Schale
> It looks like something is wrong with Dirmngr, right?

Well sort of, the actual error is the CRL problem. Either you haven't  
imported the CRL for your CA or you have not properly configured the  
CRL validation. For a test, you can disable the CRL check and try  
again (Tools->Certificate Manager->Settings->Configure GPGMe  
Backend->GPG for S/MIME->never consult a CRL).



KDE PIM users mailing list
kdepim-users at kde.org

More information about the kdepim-users mailing list