Hi all!

I don’t understand how this could work …

Running KC with the last Zarafa Plugin on Outlook 2016, I start to fiddle around with S/MIME. My mails get signed, and I can also sucessfully exchange encrypted mails with people OUTSIDE of of my organisation.

But trying to encrypt a mail internally does not work, obvisously because Outlook is not able to store back the S/MIME certificate from my colleque to the LDAP server where the GAB is built from, and where the internal E-Mail adresses are resolved to.

I don’t see how this could ever work … or am I wrong? Do I have to do something to “enhance” my LDAP with the S/MIME certificates of the internal staff? Where can I find documentation on this?

Thank you for any advice,


Could you specify a bit better which versions you are using?


Kopano on Debian 8 x64
Outlook 365 (=Outlook 2016)
Zarafa Client
OpenLDAP 2.4.40
z-push 2.3.9 with a Android-based mobile phone using the app "nine"
KOE not installed

you need no include the users certificate in your gab (and therefore ldap). The attribute

#0x3A220102     =       userCertificate

is used for that.

Ah, I need to add the user certificate in LDAP. That makes sense.

I’ll try this.