Well, here is the scenario that doesn't work with certificates from DOE Los Alamos National Labs which uses Entrust:
I send an email to Tom with my Thawte digital signature.
He receives, confirms the email is signed. He replies with a signed email.
His two Entrust certs go on my "login" keychain automatically.
The issuer of his cert is: Organization - U.S. Government, organization unit - Department of Energy, Organization Unit - Los Alamos National Laboratory
One of his certs is a "wrap", the other is a "verify".
I go into my keychain and open his cert and am told: "this certificate was signed by an untrusted issuer"
I have no higher level certs for DOD or LANL for Tom's cert to tie to.
I go into Tom's cert and set the TRUST SETTINGS to "always trust"
and Mail still doesn't like the situation. Mail shows the buttons for both encrypt and sign, but if I try to encrypt back to Tom, Mail aborts with "Alert An error occurred while trying to encrypt your message. Please check that you have valid certificates in your keychain for all recipients."
So anyone have any idea why this doesn't work? Why Mail doesn't like the cert when the trust setting in the keychain is set to "always trust" and Keychain is stopped then restarted? Do I need an X.509 anchor cert for DOE Los Alamos Labs? If so where does one get this anchor cert? My friend at Los Alamos can't find anything related to a public anchor cert on his internal web site to send to me to put in the keychain.

--
Paul Derby
Chief Enterprise Architect
The Tauri Group
703-647-2745