assigning certficates

Martijn, you wrote:
"Since you have the private key and the key can be used for signing you can select
the key for signing."

How can I select the key for signing ?
If I want to select signing certificate for this user in Djigzo it tells me
"There are no matching certificates"
To check if the end-user certificate holds private keys I've tried to download the
private keys from the certficate and a PFX file is created.

Best regards,

Perry

···

------------------------------

Message: 4
Date: Thu, 26 Apr 2012 11:19:55 +0200 (CEST)
From: Perry Peeters <p.peeters(a)deonet.nl>
Subject: assigning certficates
To: users(a)lists.djigzo.com
Message-ID: <9fa63a44-893a-4410-9c6e-7fb2f74374f4(a)deolinux1>
Content-Type: text/plain; charset=utf-8

We want our Djigzo to PDF encrypt and S/MIME sign using a Comodo Secure Email certificate
for a specific user (originator).
The Key Usage of the certificate shows: "keyEncipherment, digitalSignature".
Unfortunately the certificate for this user shows up in Djigzo as encryption certificate not as signing certificate
and I can't unassign / reassign.
Also I can't assign the certificate as signing certficate.
Because of this setup emails are S/MIME encrypted not signed, not what I want.
Is there a solution ?

------------------------------

Message: 5
Date: Thu, 26 Apr 2012 11:31:41 +0200
From: Martijn Brinkers <martijn(a)djigzo.com>
Subject: Re: assigning certficates
To: users(a)lists.djigzo.com
Message-ID: <4F9915FD.7030307(a)djigzo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 04/26/2012 11:19 AM, Perry Peeters wrote:

We want our Djigzo to PDF encrypt and S/MIME sign using a Comodo Secure Email certificate
for a specific user (originator).
The Key Usage of the certificate shows: "keyEncipherment, digitalSignature".
Unfortunately the certificate for this user shows up in Djigzo as encryption certificate not as signing certificate
and I can't unassign / reassign.
Also I can't assign the certificate as signing certficate.
Because of this setup emails are S/MIME encrypted not signed, not what I want.
Is there a solution ?

A key can be used as a signing key if you have the private key and if
the key usage allows the key to be used for signing. A (public) key can
be used for encryption if the key usage allows encryption. Since you
have the private key and the key can be used for signing you can select
the key for signing. Whether or not you can select it as an encryption
key does not matter. First make sure that your email will be correctly
signed. This can be done by deselecting "Only sign when encrypt". Once
you know that your outgoing email will be correctly signed, you can
enable signing of the PDF encrypted email by selecting the PDF advanced
option "Sign email".

Kind regards,

Martijn Brinkers

Martijn, you wrote:
"Since you have the private key and the key can be used for signing you can select
  the key for signing."

How can I select the key for signing ?
If I want to select signing certificate for this user in Djigzo it tells me
"There are no matching certificates"
To check if the end-user certificate holds private keys I've tried to download the
private keys from the certficate and a PFX file is created.

Is there a "key" symbol next to the email address of the certificate? A
different way to check whether a private key is available is to show the
details of the certificate. If a key symbol is shown to the right of
"Certificate info", a private key is available. If there is no private
key available, you should import the certificate *and* private key from
the system on which the certificate and key was generated , i.e., export
the certificate and key as a .pfx and then import the pfx into the
djigzo certificate store.

Kind regards,

Martijn Brinkers

···

On 04/26/2012 12:37 PM, Perry Peeters wrote:

------------------------------

Message: 4
Date: Thu, 26 Apr 2012 11:19:55 +0200 (CEST)
From: Perry Peeters<p.peeters(a)deonet.nl>
Subject: assigning certficates
To: users(a)lists.djigzo.com
Message-ID:<9fa63a44-893a-4410-9c6e-7fb2f74374f4(a)deolinux1>
Content-Type: text/plain; charset=utf-8

We want our Djigzo to PDF encrypt and S/MIME sign using a Comodo Secure Email certificate
for a specific user (originator).
The Key Usage of the certificate shows: "keyEncipherment, digitalSignature".
Unfortunately the certificate for this user shows up in Djigzo as encryption certificate not as signing certificate
and I can't unassign / reassign.
Also I can't assign the certificate as signing certficate.
Because of this setup emails are S/MIME encrypted not signed, not what I want.
Is there a solution ?

------------------------------

Message: 5
Date: Thu, 26 Apr 2012 11:31:41 +0200
From: Martijn Brinkers<martijn(a)djigzo.com>
Subject: Re: assigning certficates
To: users(a)lists.djigzo.com
Message-ID:<4F9915FD.7030307(a)djigzo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 04/26/2012 11:19 AM, Perry Peeters wrote:

We want our Djigzo to PDF encrypt and S/MIME sign using a Comodo Secure Email certificate
for a specific user (originator).
The Key Usage of the certificate shows: "keyEncipherment, digitalSignature".
Unfortunately the certificate for this user shows up in Djigzo as encryption certificate not as signing certificate
and I can't unassign / reassign.
Also I can't assign the certificate as signing certficate.
Because of this setup emails are S/MIME encrypted not signed, not what I want.
Is there a solution ?

A key can be used as a signing key if you have the private key and if
the key usage allows the key to be used for signing. A (public) key can
be used for encryption if the key usage allows encryption. Since you
have the private key and the key can be used for signing you can select
the key for signing. Whether or not you can select it as an encryption
key does not matter. First make sure that your email will be correctly
signed. This can be done by deselecting "Only sign when encrypt". Once
you know that your outgoing email will be correctly signed, you can
enable signing of the PDF encrypted email by selecting the PDF advanced
option "Sign email".

Kind regards,

Martijn Brinkers

_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users

Further investigation learned that the certificate imported into Djigzo did not contain a private key.
The way to create a Comodo certificate file in Mozilla Firefox:
Edit / Preferences/ Advanced / Encryption / View Certificates / Backup All / Export
export to PKCSP12 format (certficates with private keys)

To check if Private keys are in this file: OpenSSL:
openssl pkcs12 -in <filename>.p12 -info

The signing certificate shows up automatically.

However still wasn't able to get S/MIME signed (non encrypted) emails
with the following setting on the global settings page:

- check 'S/MIME allowed'
- uncheck 'Only sign when encrypt'

···

----- Original Message -----
From: "Perry Peeters" <p.peeters(a)deonet.nl>
To: users(a)lists.djigzo.com
Sent: Thursday, April 26, 2012 12:37:36 PM
Subject: Re: assigning certficates

Martijn, you wrote:
"Since you have the private key and the key can be used for signing you can select
the key for signing."

How can I select the key for signing ?
If I want to select signing certificate for this user in Djigzo it tells me
"There are no matching certificates"
To check if the end-user certificate holds private keys I've tried to download the
private keys from the certficate and a PFX file is created.

Best regards,

Perry
------------------------------

Message: 4
Date: Thu, 26 Apr 2012 11:19:55 +0200 (CEST)
From: Perry Peeters <p.peeters(a)deonet.nl>
Subject: assigning certficates
To: users(a)lists.djigzo.com
Message-ID: <9fa63a44-893a-4410-9c6e-7fb2f74374f4(a)deolinux1>
Content-Type: text/plain; charset=utf-8

We want our Djigzo to PDF encrypt and S/MIME sign using a Comodo Secure Email certificate
for a specific user (originator).
The Key Usage of the certificate shows: "keyEncipherment, digitalSignature".
Unfortunately the certificate for this user shows up in Djigzo as encryption certificate not as signing certificate
and I can't unassign / reassign.
Also I can't assign the certificate as signing certficate.
Because of this setup emails are S/MIME encrypted not signed, not what I want.
Is there a solution ?

------------------------------

Message: 5
Date: Thu, 26 Apr 2012 11:31:41 +0200
From: Martijn Brinkers <martijn(a)djigzo.com>
Subject: Re: assigning certficates
To: users(a)lists.djigzo.com
Message-ID: <4F9915FD.7030307(a)djigzo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 04/26/2012 11:19 AM, Perry Peeters wrote:

We want our Djigzo to PDF encrypt and S/MIME sign using a Comodo Secure Email certificate
for a specific user (originator).
The Key Usage of the certificate shows: "keyEncipherment, digitalSignature".
Unfortunately the certificate for this user shows up in Djigzo as encryption certificate not as signing certificate
and I can't unassign / reassign.
Also I can't assign the certificate as signing certficate.
Because of this setup emails are S/MIME encrypted not signed, not what I want.
Is there a solution ?

A key can be used as a signing key if you have the private key and if
the key usage allows the key to be used for signing. A (public) key can
be used for encryption if the key usage allows encryption. Since you
have the private key and the key can be used for signing you can select
the key for signing. Whether or not you can select it as an encryption
key does not matter. First make sure that your email will be correctly
signed. This can be done by deselecting "Only sign when encrypt". Once
you know that your outgoing email will be correctly signed, you can
enable signing of the PDF encrypted email by selecting the PDF advanced
option "Sign email".

Kind regards,

Martijn Brinkers

Further investigation learned that the certificate imported into Djigzo did not contain a private key.
The way to create a Comodo certificate file in Mozilla Firefox:
Edit / Preferences/ Advanced / Encryption / View Certificates / Backup All / Export
export to PKCSP12 format (certficates with private keys)

To check if Private keys are in this file: OpenSSL:
openssl pkcs12 -in<filename>.p12 -info

The signing certificate shows up automatically.

However still wasn't able to get S/MIME signed (non encrypted) emails
with the following setting on the global settings page:

- check 'S/MIME allowed'
- uncheck 'Only sign when encrypt'

Are your sending your email with the same from address as the address in
the certificate?

Can you add a user object for the sender address and then click "signing
certificate" on the user settings page. Is the signing certificate selected?

Kind regards,

Martijn Brinkers

···

On 04/26/2012 03:37 PM, Perry Peeters wrote:

----- Original Message -----
From: "Perry Peeters"<p.peeters(a)deonet.nl>
To: users(a)lists.djigzo.com
Sent: Thursday, April 26, 2012 12:37:36 PM
Subject: Re: assigning certficates

Martijn, you wrote:
"Since you have the private key and the key can be used for signing you can select
  the key for signing."

How can I select the key for signing ?
If I want to select signing certificate for this user in Djigzo it tells me
"There are no matching certificates"
To check if the end-user certificate holds private keys I've tried to download the
private keys from the certficate and a PFX file is created.

Best regards,

Perry
------------------------------

Message: 4
Date: Thu, 26 Apr 2012 11:19:55 +0200 (CEST)
From: Perry Peeters<p.peeters(a)deonet.nl>
Subject: assigning certficates
To: users(a)lists.djigzo.com
Message-ID:<9fa63a44-893a-4410-9c6e-7fb2f74374f4(a)deolinux1>
Content-Type: text/plain; charset=utf-8

We want our Djigzo to PDF encrypt and S/MIME sign using a Comodo Secure Email certificate
for a specific user (originator).
The Key Usage of the certificate shows: "keyEncipherment, digitalSignature".
Unfortunately the certificate for this user shows up in Djigzo as encryption certificate not as signing certificate
and I can't unassign / reassign.
Also I can't assign the certificate as signing certficate.
Because of this setup emails are S/MIME encrypted not signed, not what I want.
Is there a solution ?

------------------------------

Message: 5
Date: Thu, 26 Apr 2012 11:31:41 +0200
From: Martijn Brinkers<martijn(a)djigzo.com>
Subject: Re: assigning certficates
To: users(a)lists.djigzo.com
Message-ID:<4F9915FD.7030307(a)djigzo.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 04/26/2012 11:19 AM, Perry Peeters wrote:

We want our Djigzo to PDF encrypt and S/MIME sign using a Comodo Secure Email certificate
for a specific user (originator).
The Key Usage of the certificate shows: "keyEncipherment, digitalSignature".
Unfortunately the certificate for this user shows up in Djigzo as encryption certificate not as signing certificate
and I can't unassign / reassign.
Also I can't assign the certificate as signing certficate.
Because of this setup emails are S/MIME encrypted not signed, not what I want.
Is there a solution ?

A key can be used as a signing key if you have the private key and if
the key usage allows the key to be used for signing. A (public) key can
be used for encryption if the key usage allows encryption. Since you
have the private key and the key can be used for signing you can select
the key for signing. Whether or not you can select it as an encryption
key does not matter. First make sure that your email will be correctly
signed. This can be done by deselecting "Only sign when encrypt". Once
you know that your outgoing email will be correctly signed, you can
enable signing of the PDF encrypted email by selecting the PDF advanced
option "Sign email".

Kind regards,

Martijn Brinkers

_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users

Zitat von Perry Peeters <p.peeters(a)deonet.nl>:

Further investigation learned that the certificate imported into
Djigzo did not contain a private key.
The way to create a Comodo certificate file in Mozilla Firefox:
Edit / Preferences/ Advanced / Encryption / View Certificates /
Backup All / Export
export to PKCSP12 format (certficates with private keys)

To check if Private keys are in this file: OpenSSL:
openssl pkcs12 -in <filename>.p12 -info

The signing certificate shows up automatically.

However still wasn't able to get S/MIME signed (non encrypted) emails
with the following setting on the global settings page:

- check 'S/MIME allowed'
- uncheck 'Only sign when encrypt'

Do you have selected "Import certificates" instead of "Import keys"
maybe? This would explain why you don't have a key in Djigzo to sign
with.

Regards

Andreas