There are no valid S/MIME encryption certificates for the recipient

As far as I can tell this just started to happen today. I thought no emails were being encrypted (all domain based or subject triggers) but it appears some are going through. All of the certificates for domain xyzzy.com come from the same place and when I look at them they all seem to be valid and similar. How can I tell why it isn't selecting a certificate? I have sent emails to these people in the past and it has worked.

21 Nov 2017 08:42:33 | INFO There are valid S/MIME encryption certificates for the recipient(s); MailID: cbb2820b-75a5-4c00-9ddf-8eda62aea341; Recipients: [Tim.Tomf(a)us.xyzzy.com] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]

21 Nov 2017 09:09:41 | INFO There are no valid S/MIME encryption certificates for the recipient(s); MailID: e13bd596-ed8d-49e4-a99f-9027d26aec96; Recipients: [keyservice(a)de.xyzzy.com]; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

21 Nov 2017 09:14:01 | INFO There are no valid S/MIME encryption certificates for the recipient(s); MailID: f2a3e321-ecc7-4746-aa45-0363872a10be; Recipients: [Rb.Trustcenter(a)de.xyzzy.com]; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]

21 Nov 2017 10:05:26 | INFO There are no valid S/MIME encryption certificates for the recipient(s); MailID: 18462f58-9ffb-45cc-8d87-1bea8aa23270; Recipients: [manny.man(a)us.xyzzy.com]; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #3]

21 Nov 2017 11:44:38 | INFO There are no valid S/MIME encryption certificates for the recipient(s); MailID: ba0c27df-02e7-452b-8545-6abc87df205f; Recipients: [Manny.man(a)us.xyzzy.com]; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

21 Nov 2017 13:30:58 | INFO There are valid S/MIME encryption certificates for the recipient(s); MailID: 5d6fc5f7-c259-4ee0-8ef7-a3d7cfad4c4b; Recipients: [Sar.Tay(a)us.xyzzy.com] (mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]

21 Nov 2017 14:07:45 | INFO There are no valid S/MIME encryption certificates for the recipient(s); MailID: c237b9f6-36bc-412c-a3c4-406d261b19fe; Recipients: [dfd(a)howdy.com]; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]

21 Nov 2017 14:08:12 | INFO There are no valid S/MIME encryption certificates for the recipient(s); MailID: 9bebe358-6597-4819-b0e2-1aef3e01a3e3; Recipients: [dale(a)howdy.com]; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #3]

21 Nov 2017 14:12:26 | INFO There are no valid S/MIME encryption certificates for the recipient(s); MailID: 54f21d50-bcf0-47d9-9e16-1e2cf8bdff5c; Recipients: [dale(a)howdy.com]; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]

Thanks,

Dale

As far as I can tell this just started to happen today. I thought no
emails were being encrypted (all domain based or subject triggers)
but it appears some are going through. All of the certificates for
domain xyzzy.com come from the same place and when I look at them
they all seem to be valid and similar. How can I tell why it isn't
selecting a certificate? I have sent emails to these people in the
past and it has worked.

Can you check the following:

1. Open certificates view

2. filter on email address for which the system reports there is no
valid certificate (but there should be)

3. Check if the found certificates are valid, i.e., shown with a white
background. If the background is gray or red, click on the subject field
to view the certificate details.

Kind regards,

Martijn Brinkers

···

On 21-11-17 20:42, de Longpre, Dale via Users wrote:

21 Nov 2017 08:42:33 | INFO There are valid S/MIME encryption
certificates for the recipient(s); MailID:
cbb2820b-75a5-4c00-9ddf-8eda62aea341; Recipients:
[Tim.Tomf(a)us.xyzzy.com]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]

21 Nov 2017 09:09:41 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
e13bd596-ed8d-49e4-a99f-9027d26aec96; Recipients:
[keyservice(a)de.xyzzy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

21 Nov 2017 09:14:01 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
f2a3e321-ecc7-4746-aa45-0363872a10be; Recipients:
[Rb.Trustcenter(a)de.xyzzy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]

21 Nov 2017 10:05:26 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
18462f58-9ffb-45cc-8d87-1bea8aa23270; Recipients:
[manny.man(a)us.xyzzy.com]; (mitm.application.djigzo.james.mailets.Log)
[Spool Thread #3]

21 Nov 2017 11:44:38 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
ba0c27df-02e7-452b-8545-6abc87df205f; Recipients:
[Manny.man(a)us.xyzzy.com]; (mitm.application.djigzo.james.mailets.Log)
[Spool Thread #0]

21 Nov 2017 13:30:58 | INFO There are valid S/MIME encryption
certificates for the recipient(s); MailID:
5d6fc5f7-c259-4ee0-8ef7-a3d7cfad4c4b; Recipients:
[Sar.Tay(a)us.xyzzy.com]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]

21 Nov 2017 14:07:45 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
c237b9f6-36bc-412c-a3c4-406d261b19fe; Recipients: [dfd(a)howdy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]

21 Nov 2017 14:08:12 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
9bebe358-6597-4819-b0e2-1aef3e01a3e3; Recipients: [dale(a)howdy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #3]

21 Nov 2017 14:12:26 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
54f21d50-bcf0-47d9-9e16-1e2cf8bdff5c; Recipients: [dale(a)howdy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]

Thanks,

Dale

_______________________________________________ Users mailing list
Users(a)lists.djigzo.com https://lists.djigzo.com/lists/listinfo/users

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

Twitter: http://twitter.com/CipherMail

For my test address I have 3 certificates, they all show in a white background, they have different validity dates and are all in range. The key usage on them digitalSignature, extended emailProtection, clientAuth. A user that works has a couple like that but also one cert with a usage of keyEncipherment and extended of emailProtection.

I would have thought any of them would have worked.

···

-----Original Message-----
From: Martijn Brinkers [mailto:martijn(a)ciphermail.com]
Sent: Tuesday, November 21, 2017 2:52 PM
To: users(a)lists.djigzo.com
Cc: de Longpre, Dale
Subject: Re: There are no valid S/MIME encryption certificates for the recipient

On 21-11-17 20:42, de Longpre, Dale via Users wrote:

As far as I can tell this just started to happen today. I thought no
emails were being encrypted (all domain based or subject triggers) but
it appears some are going through. All of the certificates for domain
xyzzy.com come from the same place and when I look at them they all
seem to be valid and similar. How can I tell why it isn't selecting a
certificate? I have sent emails to these people in the past and it
has worked.

Can you check the following:

1. Open certificates view

2. filter on email address for which the system reports there is no valid certificate (but there should be)

3. Check if the found certificates are valid, i.e., shown with a white background. If the background is gray or red, click on the subject field to view the certificate details.

Kind regards,

Martijn Brinkers

21 Nov 2017 08:42:33 | INFO There are valid S/MIME encryption
certificates for the recipient(s); MailID:
cbb2820b-75a5-4c00-9ddf-8eda62aea341; Recipients:
[Tim.Tomf(a)us.xyzzy.com]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]

21 Nov 2017 09:09:41 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
e13bd596-ed8d-49e4-a99f-9027d26aec96; Recipients:
[keyservice(a)de.xyzzy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

21 Nov 2017 09:14:01 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
f2a3e321-ecc7-4746-aa45-0363872a10be; Recipients:
[Rb.Trustcenter(a)de.xyzzy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]

21 Nov 2017 10:05:26 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
18462f58-9ffb-45cc-8d87-1bea8aa23270; Recipients:
[manny.man(a)us.xyzzy.com]; (mitm.application.djigzo.james.mailets.Log)
[Spool Thread #3]

21 Nov 2017 11:44:38 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
ba0c27df-02e7-452b-8545-6abc87df205f; Recipients:
[Manny.man(a)us.xyzzy.com]; (mitm.application.djigzo.james.mailets.Log)
[Spool Thread #0]

21 Nov 2017 13:30:58 | INFO There are valid S/MIME encryption
certificates for the recipient(s); MailID:
5d6fc5f7-c259-4ee0-8ef7-a3d7cfad4c4b; Recipients:
[Sar.Tay(a)us.xyzzy.com]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]

21 Nov 2017 14:07:45 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
c237b9f6-36bc-412c-a3c4-406d261b19fe; Recipients: [dfd(a)howdy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]

21 Nov 2017 14:08:12 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
9bebe358-6597-4819-b0e2-1aef3e01a3e3; Recipients: [dale(a)howdy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #3]

21 Nov 2017 14:12:26 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
54f21d50-bcf0-47d9-9e16-1e2cf8bdff5c; Recipients: [dale(a)howdy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]

Thanks,

Dale

_______________________________________________ Users mailing list
Users(a)lists.djigzo.com https://lists.djigzo.com/lists/listinfo/users

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull.

Twitter: http://twitter.com/CipherMail

For my test address I have 3 certificates, they all show in a white
background, they have different validity dates and are all in range.
The key usage on them digitalSignature, extended emailProtection,
clientAuth. A user that works has a couple like that but also one
cert with a usage of keyEncipherment and extended of
emailProtection.

I would have thought any of them would have worked.

A certificate with a key usage of "digitalSignature, extended
emailProtection, clientAuth" cannot be used for encryption only for
digital signing.

The key usage for encryption should either be empty or contain
"keyEncipherment".

Kind regards,

Martijn Brinkers

···

On 21-11-17 21:10, de Longpre, Dale wrote:

-----Original Message----- From: Martijn Brinkers
[mailto:martijn(a)ciphermail.com] Sent: Tuesday, November 21, 2017 2:52
PM To: users(a)lists.djigzo.com Cc: de Longpre, Dale Subject: Re:
There are no valid S/MIME encryption certificates for
the recipient

On 21-11-17 20:42, de Longpre, Dale via Users wrote:

As far as I can tell this just started to happen today. I thought
no emails were being encrypted (all domain based or subject
triggers) but it appears some are going through. All of the
certificates for domain xyzzy.com come from the same place and when
I look at them they all seem to be valid and similar. How can I
tell why it isn't selecting a certificate? I have sent emails to
these people in the past and it has worked.

Can you check the following:

1. Open certificates view

2. filter on email address for which the system reports there is no
valid certificate (but there should be)

3. Check if the found certificates are valid, i.e., shown with a
white background. If the background is gray or red, click on the
subject field to view the certificate details.

Kind regards,

Martijn Brinkers

21 Nov 2017 08:42:33 | INFO There are valid S/MIME encryption
certificates for the recipient(s); MailID:
cbb2820b-75a5-4c00-9ddf-8eda62aea341; Recipients:
[Tim.Tomf(a)us.xyzzy.com]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]

21 Nov 2017 09:09:41 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
e13bd596-ed8d-49e4-a99f-9027d26aec96; Recipients:
[keyservice(a)de.xyzzy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

21 Nov 2017 09:14:01 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
f2a3e321-ecc7-4746-aa45-0363872a10be; Recipients:
[Rb.Trustcenter(a)de.xyzzy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]

21 Nov 2017 10:05:26 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
18462f58-9ffb-45cc-8d87-1bea8aa23270; Recipients:
[manny.man(a)us.xyzzy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #3]

21 Nov 2017 11:44:38 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
ba0c27df-02e7-452b-8545-6abc87df205f; Recipients:
[Manny.man(a)us.xyzzy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

21 Nov 2017 13:30:58 | INFO There are valid S/MIME encryption
certificates for the recipient(s); MailID:
5d6fc5f7-c259-4ee0-8ef7-a3d7cfad4c4b; Recipients:
[Sar.Tay(a)us.xyzzy.com]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]

21 Nov 2017 14:07:45 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
c237b9f6-36bc-412c-a3c4-406d261b19fe; Recipients: [dfd(a)howdy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]

21 Nov 2017 14:08:12 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
9bebe358-6597-4819-b0e2-1aef3e01a3e3; Recipients:
[dale(a)howdy.com]; (mitm.application.djigzo.james.mailets.Log)
[Spool Thread #3]

21 Nov 2017 14:12:26 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
54f21d50-bcf0-47d9-9e16-1e2cf8bdff5c; Recipients:
[dale(a)howdy.com]; (mitm.application.djigzo.james.mailets.Log)
[Spool Thread #2]

Thanks,

Dale

_______________________________________________ Users mailing list
Users(a)lists.djigzo.com
https://lists.djigzo.com/lists/listinfo/users

-- CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

Twitter: http://twitter.com/CipherMail

Martijn, I had installed djigzo about 5 years ago and ran that until about 4 months ago when I wanted to try PGP signatures and upgraded to ciphermail (that process was fantastic BTW!). Could it have been using those certificates in djigzo? I believe I used to use this certificates as I used to encrypt.

As always, thank you for your awesome program and all of your help!

Dale

···

-----Original Message-----
From: Martijn Brinkers [mailto:martijn(a)ciphermail.com]
Sent: Tuesday, November 21, 2017 3:17 PM
To: de Longpre, Dale; users(a)lists.djigzo.com
Subject: Re: There are no valid S/MIME encryption certificates for the recipient

On 21-11-17 21:10, de Longpre, Dale wrote:

For my test address I have 3 certificates, they all show in a white
background, they have different validity dates and are all in range.
The key usage on them digitalSignature, extended emailProtection,
clientAuth. A user that works has a couple like that but also one
cert with a usage of keyEncipherment and extended of emailProtection.

I would have thought any of them would have worked.

A certificate with a key usage of "digitalSignature, extended emailProtection, clientAuth" cannot be used for encryption only for digital signing.

The key usage for encryption should either be empty or contain "keyEncipherment".

Kind regards,

Martijn Brinkers

-----Original Message----- From: Martijn Brinkers
[mailto:martijn(a)ciphermail.com] Sent: Tuesday, November 21, 2017 2:52
PM To: users(a)lists.djigzo.com Cc: de Longpre, Dale Subject: Re:
There are no valid S/MIME encryption certificates for
the recipient

On 21-11-17 20:42, de Longpre, Dale via Users wrote:

As far as I can tell this just started to happen today. I thought no
emails were being encrypted (all domain based or subject
triggers) but it appears some are going through. All of the
certificates for domain xyzzy.com come from the same place and when I
look at them they all seem to be valid and similar. How can I tell
why it isn't selecting a certificate? I have sent emails to these
people in the past and it has worked.

Can you check the following:

1. Open certificates view

2. filter on email address for which the system reports there is no
valid certificate (but there should be)

3. Check if the found certificates are valid, i.e., shown with a white
background. If the background is gray or red, click on the subject
field to view the certificate details.

Kind regards,

Martijn Brinkers

21 Nov 2017 08:42:33 | INFO There are valid S/MIME encryption
certificates for the recipient(s); MailID:
cbb2820b-75a5-4c00-9ddf-8eda62aea341; Recipients:
[Tim.Tomf(a)us.xyzzy.com]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]

21 Nov 2017 09:09:41 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
e13bd596-ed8d-49e4-a99f-9027d26aec96; Recipients:
[keyservice(a)de.xyzzy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

21 Nov 2017 09:14:01 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
f2a3e321-ecc7-4746-aa45-0363872a10be; Recipients:
[Rb.Trustcenter(a)de.xyzzy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]

21 Nov 2017 10:05:26 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
18462f58-9ffb-45cc-8d87-1bea8aa23270; Recipients:
[manny.man(a)us.xyzzy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #3]

21 Nov 2017 11:44:38 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
ba0c27df-02e7-452b-8545-6abc87df205f; Recipients:
[Manny.man(a)us.xyzzy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #0]

21 Nov 2017 13:30:58 | INFO There are valid S/MIME encryption
certificates for the recipient(s); MailID:
5d6fc5f7-c259-4ee0-8ef7-a3d7cfad4c4b; Recipients:
[Sar.Tay(a)us.xyzzy.com]
(mitm.application.djigzo.james.mailets.Default) [Spool Thread #3]

21 Nov 2017 14:07:45 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
c237b9f6-36bc-412c-a3c4-406d261b19fe; Recipients: [dfd(a)howdy.com];
(mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]

21 Nov 2017 14:08:12 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
9bebe358-6597-4819-b0e2-1aef3e01a3e3; Recipients:
[dale(a)howdy.com]; (mitm.application.djigzo.james.mailets.Log)
[Spool Thread #3]

21 Nov 2017 14:12:26 | INFO There are no valid S/MIME encryption
certificates for the recipient(s); MailID:
54f21d50-bcf0-47d9-9e16-1e2cf8bdff5c; Recipients:
[dale(a)howdy.com]; (mitm.application.djigzo.james.mailets.Log)
[Spool Thread #2]

Thanks,

Dale

_______________________________________________ Users mailing list
Users(a)lists.djigzo.com https://lists.djigzo.com/lists/listinfo/users

-- CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

https://www.ciphermail.com

Twitter: http://twitter.com/CipherMail

--
CipherMail email encryption

Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.

Twitter: http://twitter.com/CipherMail