On Sunday 20 of May 2007 20:16:43 Mick wrote:
> OK, I also tried Validate with CRL and I am now getting a CRL related
> error:
> =============================================================
> 5 - 2007-05-20 19:09:00 gpg-agent[7251]: handler 0x80c8820 for fd 0 terminated
> 7 - 2007-05-20 19:09:01 dirmngr[9532.0x8080078] DBG: <- ISVALID CDECFDC58640B7262B39CCB59B61E8EEFF2ED4D0.0380C6
> 7 - 2007-05-20 19:09:01 dirmngr[9532]: no CRL available for issuer id CDECFDC58640B7262B39CCB59B61E8EEFF2ED4D0
> 7 - 2007-05-20 19:09:01 dirmngr[9532.0x8080078] DBG: -> INQUIRE SENDCERT
> 7 - 2007-05-20 19:09:01 dirmngr[9532.0x8080078] DBG: <- [ 44 20 30 82 05 42 30 82 03 2a a0 03 02 01 02 02 03 03 80 c6 30 25 30 44 06 09 2a [snip ]
> 7 - 2007-05-20 19:09:01 dirmngr[9532.0x8080078] DBG: <- [ 44 20 1c 45 de 3e 49 63 5f 1f 65 58 03 4f 5c 08 82 ef cd b0 15 bd a7 2b 3e 58 76 [snip ]
> 7 - 2007-05-20 19:09:01 dirmngr[9532.0x8080078] DBG: <- END
> 7 - 2007-05-20 19:09:01 dirmngr[9532]: crl_fetch via issuer failed: Configuration error
> 7 - 2007-05-20 19:09:01 dirmngr[9532]: command ISVALID failed: Configuration error
> 7 - 2007-05-20 19:09:01 dirmngr[9532.0x8080078] DBG: -> ERR 167772275 Configuration error
> 6 - 2007-05-20 19:09:01 gpgsm[9531]: response of dirmngr: ec=10.115
> 6 - 2007-05-20 19:09:01 gpgsm[9531]: checking the CRL failed: Configuration error
> 6 - 2007-05-20 19:09:01 gpgsm[9531.0x80806a0] DBG: -> S INV_RECP 0 9964FAAE960AD708013D03A5CC3E6023CDC3E990
> 6 - 2007-05-20 19:09:01 gpgsm[9531.0x80806a0] DBG: -> ERR 167772275 Configuration error
> 6 - 2007-05-20 19:09:04 gpgsm[9531.0x80806a0] DBG: <- BYE
> 6 - 2007-05-20 19:09:05 gpgsm[9531.0x80806a0] DBG: -> OK closing connection
> 7 - 2007-05-20 19:09:05 dirmngr[9532.0x8080078] DBG: <- [EOF]
> =============================================================
>
> What should I use, OCSP or CRL, and if the latter, how am I supposed to
> configure this?

Ugh.
Well, they say a picture is worth a thousand words: http://imgs.xkcd.com/comics/unspeakable_pun.jpg

Now that I checked with some random signed mails on this list, it turns out my setup shows exactly the same symptoms as yours, i.e. it can't download certain CRLs and CAcert's OCSP doesn't work.

To be frank, what I really needed S/MIME to work for are the bills my telco issues through e-mail. After installing dirmngr and the relevant certificate, KMail recognizes the signature in their bills correctly.

Funny thing is, Kleopatra can and does download certain CRLs correctly using URLs embedded in a certificate, but can't do so for some others. And even if it can download a CRL, it then can't download the issuer certificate, which makes it a bit useless.

I haven't a clue how to proceed, as documentation seems a bit scarce. As there are people on this list who use S/MIME signatures, I guess it can be made to work. Perhaps someone could chime in?

Regards
Jure