321261 – Cannot add S/MIME certificate - displays a red cross

Bug 321261 - Cannot add S/MIME certificate - displays a red cross

Summary: Cannot add S/MIME certificate - displays a red cross

Status:	RESOLVED NOT A BUG

Alias:	None

Product:	kmail2
Classification:	Applications
Component:	crypto (show other bugs)
Version:	4.10.3
Platform:	Other Linux

Importance:	NOR normal
Target Milestone:	---
Assignee:	kdepim bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2013-06-17 11:43 UTC by Alvaro Soliverez
Modified:	2014-07-11 12:00 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Alvaro Soliverez 2013-06-17 11:43:38 UTC

When I try to add my S/MIME signature certificate, it shows at first on the list with a ? mark, and when I try to select it, it displays a red mark, and cannot be selected to add it.

There's no error message. Starting Kleopatra, it is empty, even after importing the certificate again. That's weird, because in KMail, the certificate is listed, even if Kleopatra's list is empty now.
KGpg, however, displays my GPG keys correctly.

Where can I start to figure out what's wrong? I really need this for my work.

Reproducible: Always

Comment 1 Alvaro Soliverez 2013-06-19 13:09:11 UTC

In Kleopatra, the certificates show up after a long time. If I start KWatchGnuPG, there's a lot of meaningless messages, but one that said: Issuer certificate (...) not found using authorityKeyIdentifier
Command LOOKUP: failed

Comment 2 Jan Hendrik Nielsen 2014-07-11 11:46:50 UTC

Although this bug report is almost a year old, I have sth to add which resolved the problem in my case.

I had the same thing happening as the op:
> When I try to add my S/MIME signature certificate, it shows at first on the list with a ? mark, and when I try to select it, it displays a red mark, and cannot be selected to add it.

In the Kleopatra GUI I went to "Settings > GnuPG System > GPG for S/MIME" and checked "Never consult a CRL".

If that resolves your problem it's clearly related to the client (Kleopatra) not being able to fetch a CRL for some reason. 

Regarding the other ptoblem of no certificates showing up: Maybe you didn't configure any Directory services and the setting "Settings > GnuPG System > GPG for S/MIME > Fetch missign issuer certificates" was enabled?

Comment 3 Alvaro Soliverez 2014-07-11 12:00:29 UTC

Never consult a CRL helped.
Still, I had to import the certificate again manually with gpgsm, otherwise it wouldn't show me an important error in the dependency chain.

I was able to make it work about a month ago or so. It was really frustrating that Kleopatra hides all underneath errors, and the only way to figure what the problem was, was by running the commands in CLI mysef (after googling what the commands were)

Please, make it easier to see the underlying issue, don't just show a red cross.

I'm closing it now since the main issue was a problem in the certificate.

The point stands, make it easier for the user to figure out what's wrong.