Subject: The mailing list for listmasters using Sympa
List archive
- From: Redmond Militante <address@concealed>
- To: address@concealed
- Cc: Peter Farmer <address@concealed>, address@concealed
- Subject: [sympa-users] Re: X509 user certs
- Date: Fri, 3 Nov 2006 16:26:23 -0600
I'm testing out S/MIME authentication in sympa and am having trouble getting
it to work.
I've been following the instructions at
http://www.sympa.org/doc/html/node27.html
to allow sympa to use S/MIME, I've configured a list for send.private_smime.
I've applied for a free personal S/MIME email certificate from Thawte, and
have configured Thunderbird to sign messages using this certificate.
When I send the message to the list, I get a message rejected letter just as
if I would have sent the email unsigned. Am I missing any steps?
Thanks,
Redmond
+++ address@concealed <address@concealed> [06/08/23 10:35]:
> Peter Farmer wrote:
>
> >Can some kind person please point me to some documentation that describes
> >how
> >user X509 certs for S/MIME authentication are added to sympa (I know
> >_where_,
> >but the doco doesnt say anything about how they should be installed - what
> >file
> >naming conventions, how they are linked to user profiles/logins etc) and
> >whats
> >the easiest way to obtain some - home grown or from a commercial CA ?
> >
> >
> User certs are automatically catched by Sympa when receiving a signed
> s/mime messsage so if Sympa needs to send encrypted message to this user
> it can perform encryption using this certificate. This is works but it's
> not conform to the PKI theory : Sympa should be able to search for user
> certificates using PKI certificate directory (LDAP) .
>
> That's why Sympa test the key usage certificate attribute to known if
> the certificate allow both encryption and signature.
>
> Certificate are stored as PEM file on /home/sympa/expl/X509-user-certs .
> Files are named address@concealed@enc or address@concealed@sign (@enc and
> @sign suffix are used according to certificates usage. No tool other
> tool is provided by Sympa in order to collect this certificate
> repository but you can easily imagine you own tool to create thoses files.
>
> Hope this help.
> Serge Aumont
>
--
Redmond Militante / NSIT / The University of Chicago
PGP Public Key: <http://home.uchicago.edu/~rjm/pubkey.asc>
-
[sympa-users] Re: X509 user certs,
Redmond Militante, 11/03/2006
-
[sympa-users] Re: Re: X509 user certs,
Olivier Salaün - CRU, 11/06/2006
-
[sympa-users] Re: Re: Re: X509 user certs,
Redmond Militante, 11/07/2006
-
[sympa-users] Re: Re: Re: Re: X509 user certs,
serge . aumont, 11/08/2006
-
[sympa-users] Re: Re: Re: Re: Re: X509 user certs,
Redmond Militante, 11/08/2006
-
[sympa-users] Re: Re: Re: Re: Re: X509 user certs,
Serge Aumont, 11/09/2006
- [sympa-users] Re: Re: Re: Re: Re: Re: X509 user certs, Redmond Militante, 11/09/2006
-
[sympa-users] Re: Re: Re: Re: Re: X509 user certs,
Serge Aumont, 11/09/2006
-
[sympa-users] Re: Re: Re: Re: Re: X509 user certs,
Redmond Militante, 11/08/2006
-
[sympa-users] Re: Re: Re: Re: X509 user certs,
serge . aumont, 11/08/2006
-
[sympa-users] Re: Re: Re: X509 user certs,
Redmond Militante, 11/07/2006
-
[sympa-users] Re: Re: X509 user certs,
Olivier Salaün - CRU, 11/06/2006
Archive powered by MHonArc 2.6.19+.