[Fed-Talk] Re:DHS and DOE Certificates
[Fed-Talk] Re:DHS and DOE Certificates
- Subject: [Fed-Talk] Re:DHS and DOE Certificates
- From: Paul Derby <email@hidden>
- Date: Fri, 27 Oct 2006 21:31:41 -0400
I've submitted the following bug report to Apple for resolution:
If an X.509 certificate is placed in the LOGIN keychain and the
"trust settings" for "When using this certificate" are set to "Always
trust", the Apple Mail program ignores the "Always trust" setting and
refuses to encrypt using the public key embedded in the certificate
when emailing to the owner of the certificate.
Our company communicates with Los Alamos National Labs(LANL), which
uses Entrust for their X.509 certificates. They issue their own
certificates, so in the "Issuer Name" section of the certificate the
"Common Name" field is NOT present. Since the certificates from LANL
do not have this issuer field, they are not chained to a Certificate
Authority. When you try to read an encrypted email message from the
individual at LANL, MAIL throws an error stating: "unable to decrypt
message". Clicking on "show details" says the certificate isn't valid.
If you go into ADDRESS BOOK and double click on the check mark next
to the email address for the individual holding the certificate, you
get the message: "This certificate was signed by an untrusted
issuer" which is bogus, since the cert isn't signed at all. A better
message would be "this certificate has been manually set to "always
trust"".
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden