Hi,
I'm struggling to get Auto-request Certificate to work.
So far I have:
- Created a CA (internal) + Intermediate and made it default CA
- Created a Domain with Locality = Internal
- In Global Settings activated "Auto Request Certificate" and de-selected "Only sign when encrypt"
- Configured the MTA to work properly
But when I'm sending a mail from the domain I configured, no certificate get's created for that new user, and the message isn't signed.
What am I missing here?
Thanks in advance
Christian Merz
Did you override other (global or user) settings?
Are you sure that there is not already a certificate for the user?
Kind regards,
Martijn
···
On 05/19/2011 02:16 PM, Merz, Christian wrote:
Hi,
I'm struggling to get Auto-request Certificate to work.
So far I have:
- Created a CA (internal) + Intermediate and made it default CA
- Created a Domain with Locality = Internal
- In Global Settings activated "Auto Request Certificate" and de-selected "Only sign when encrypt"
- Configured the MTA to work properly
But when I'm sending a mail from the domain I configured, no certificate get's created for that new user, and the message isn't signed.
What am I missing here?
--
Djigzo open source email encryption
Did you override other (global or user) settings?
I configured the following global settings:
Only sign when encrypt = off
Max message size = 0
Subject trigger = [crypt]
Enabled = on
PDF Max Message Size = 0
Force encrypt allowed = on
Auto request certificate = on
Skip Calendar = on
Skip Signing Calendar = on
The Domain I configured inherits all settings, except Locality = Internal
Are you sure that there is not already a certificate for the user?
Yes, as I didn't add any User, I want them all to be added automatically.
Since you set "Max message size" to 0 for S/MIME (and PDF), no email
will ever be S/MIME signed and or encrypted since every email will be
larger in size than 0. Since no S/MIME is required, no certificate is
requested. You should set the "Max message size" to something larger
than 0. What you probably expected was that 0 would mean "no limit".
Unfortunately it's currently not possible to specify that you do not
want any limit to you should select a large number (larger than the MTA
max message size) if you do not want any limit. I will see whether I can
allow -1 to mean "no limit".
Kind regards,
Martijn
···
On 01/-10/-28163 08:59 PM, Merz, Christian wrote:
Did you override other (global or user) settings?
I configured the following global settings:
Only sign when encrypt = off
Max message size = 0
Subject trigger = [crypt]
Enabled = on
PDF Max Message Size = 0
Force encrypt allowed = on
Auto request certificate = on
Skip Calendar = on
Skip Signing Calendar = on
--
Djigzo open source email encryption
Since you set "Max message size" to 0 for S/MIME (and PDF), no email
will ever be S/MIME signed and or encrypted since every email will be
larger in size than 0. Since no S/MIME is required, no certificate is
requested. You should set the "Max message size" to something larger
than 0. What you probably expected was that 0 would mean "no limit".
Unfortunately it's currently not possible to specify that you do not
want any limit to you should select a large number (larger than the MTA
max message size) if you do not want any limit. I will see whether I can
allow -1 to mean "no limit".
You are right, works like a charm now 
Indeed, I expected it to mean "no limit".
I don't think I'll really need a "no limit" option for production use, it
was just for testing, but I think a 0 should be "no limit", as it's imho
counter-intuitive that it practically disables S/MIME or PDF.
Regards,
Christian