Summary: | Cannot add S/MIME certificate - displays a red cross | ||
---|---|---|---|
Product: | [Applications] kmail2 | Reporter: | Alvaro Soliverez <asoliverez> |
Component: | crypto | Assignee: | kdepim bugs <kdepim-bugs> |
Status: | RESOLVED NOT A BUG | ||
Severity: | normal | CC: | jan.deluxe |
Priority: | NOR | ||
Version: | 4.10.3 | ||
Target Milestone: | --- | ||
Platform: | Other | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: |
Description
Alvaro Soliverez
2013-06-17 11:43:38 UTC
In Kleopatra, the certificates show up after a long time. If I start KWatchGnuPG, there's a lot of meaningless messages, but one that said: Issuer certificate (...) not found using authorityKeyIdentifier Command LOOKUP: failed Although this bug report is almost a year old, I have sth to add which resolved the problem in my case.
I had the same thing happening as the op:
> When I try to add my S/MIME signature certificate, it shows at first on the list with a ? mark, and when I try to select it, it displays a red mark, and cannot be selected to add it.
In the Kleopatra GUI I went to "Settings > GnuPG System > GPG for S/MIME" and checked "Never consult a CRL".
If that resolves your problem it's clearly related to the client (Kleopatra) not being able to fetch a CRL for some reason.
Regarding the other ptoblem of no certificates showing up: Maybe you didn't configure any Directory services and the setting "Settings > GnuPG System > GPG for S/MIME > Fetch missign issuer certificates" was enabled?
Never consult a CRL helped. Still, I had to import the certificate again manually with gpgsm, otherwise it wouldn't show me an important error in the dependency chain. I was able to make it work about a month ago or so. It was really frustrating that Kleopatra hides all underneath errors, and the only way to figure what the problem was, was by running the commands in CLI mysef (after googling what the commands were) Please, make it easier to see the underlying issue, don't just show a red cross. I'm closing it now since the main issue was a problem in the certificate. The point stands, make it easier for the user to figure out what's wrong. |