Use SMIME certificates without LDAP or AD?

Hi.

Is it possible to upload SMIME certificates with the standard database backend?

There’s an example how to search for all valid installed certificates using python-kopano, but I didn’t find any hints how to upload certificates…
If possible, I would prefer the simple kopano-admin solution instead of openldap (slapd)…

Best regards,
X

Hi @xplod ,

The smime functionality is almost completely independent of the user backend.

@fbartels said in Use SMIME certificates without LDAP or AD?:

The smime functionality is almost completely independent of the user backend.

That’s good to hear.
But I can’t encrypt an email message, because I always get the message “Missing public certificates for the following recipients: <>. Please contact your system administrator for details”.

Somewhere was stated that a public certificate is stored the moment it is received, but I’ve got a valid encrypted email in my inbox but kopano is not able to reply to it with encryption enabled.
The SMIME plugin settings page doesn’t show any other certificate than mine.

So how can I add a public SMIME certificate with standard database backend?
I already added the specific email to the global address book by adding the user via kopano-admin -c … -n 1, but that didn’t change a thing…

But what do I have to do to install a valid certificate to be able to send an encrypted message?

Best regards,
X

Hello @xplod ,

I have then moved your post into the WebApp plugin section (as it’s more about the s/mime plugin than Kopano Core).

You at first need to receive a signed email from the recipient to have his public cert stored.

@fbartels said in Use SMIME certificates without LDAP or AD?:

You at first need to receive a signed email from the recipient to have his public cert stored.

An encrypted email is in my inbox.
If I want to open it, I have to enter my password, and after that, the mail states “Message decrypted succesfully”.
In the “SMIME Message” column, the mail is displayed with a closed lock icon.

But I have no public certificate in my SMIME settings tab.

Hi @xplod ,

you’ve lost me. Are you just wondering where the public part is stored or do you get an error when opening a mail?

@fbartels said in Use SMIME certificates without LDAP or AD?:

Hi @xplod ,

you’ve lost me. Are you just wondering where the public part is stored or do you get an error when opening a mail?

I can open incoming, encrypted mail.
But if I want to reply to an encrypted mail with an encrypted message, I get “Missing public certificates”.

I simply want to know what I have to do to store the public key in kopano.
It looks like kopano should store the received public key automatically, but it doesn’t do so.

So my actual questions are:
1.) Can I somehow manually upload a public key (I’ve found solutions for LDAP and AD, but not for database backend)
2.) Do I have to upgrade my database somehow to allow kopano to store incoming public certificates?

Thank you for your kind help.

Best regards,
X

@xplod said in Use SMIME certificates without LDAP or AD?:

1.) Can I somehow manually upload a public key (I’ve found solutions for LDAP and AD, but not for database backend)

The public certs are not stored in the user backend, but in the store, so the scripts you have found should also work with the database backend.

@xplod said in Use SMIME certificates without LDAP or AD?:

2.) Do I have to upgrade my database somehow to allow kopano to store incoming public certificates?

No, for the above reason.

Which version of the s/mime plugin are you running? This functionality was broken in the 2.2.0beta1 and fixed in the 2.2.0beta2 (https://jira.kopano.io/browse/KSP-147)

Maybe this can also help:
https://documentation.kopano.io/webapp_smime_manual/certificate_management.html#use-public-keys-from-global-address-book-users

@marty said in Use SMIME certificates without LDAP or AD?:

Which version of the s/mime plugin are you running? This functionality was broken in the 2.2.0beta1 and fixed in the 2.2.0beta2 (https://jira.kopano.io/browse/KSP-147)

Maybe this can also help:
https://documentation.kopano.io/webapp_smime_manual/certificate_management.html#use-public-keys-from-global-address-book-users

I am using the current version on kopano.io: smime-1.0.00_0+10.1-Ubuntu_16.04-amd64
I updated the kopano smime webapp plugin today, because, although my installed version had the same name, the files on kopano.io differed…

The link you sent is the one I am referring to. I do not use LDAP or AD, and I am not able to write a python script to upload a certificate using the example provided…

Best regards,
X

It’s not possible to manually upload your public certificate. There is a ticket for this though: https://jira.kopano.io/browse/KSP-48 so please track it to get updates.

If not using LDAP / AD in combination with PR_EMS_AB_TAGGED_X509_CERT property you need to receive a signed message of a user. When reading this message the public key will be imported and you can make an encrypted email.

OK, so it isn’t possible to upload certificates.
I have received multiple encrypted mails, but the S/MIME settings page displays only my own 2 certificates (private and public).
I have opened the encrypted email in webapp and DeskApp, the S/MIME page stays empty and doesn’t list any other certificates than mine…

May I send you a PM with my private email so that you can send me an encrypted message? Perhaps it’s an issue with the used certificate.

You should receive signed emails

@marty said in Use SMIME certificates without LDAP or AD?:

You should receive signed emails

Ahh. That’s it.

You have to click on the “signed” symbol to do a certificate check. If the check succeeds, the cert is added to the cert store…
Would it be possible to add the same mechanism to encrypted mails?

Best regards, and thanks for your help.
X
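
The signed-versus-encrypted distinction this thread ends on, as an added example that is not part of the original posts or of Kopano's code: it classifies the outer S/MIME layer of a message to show which mails can carry the sender's certificate. The function names and the sample messages are constructed for illustration; only the Python standard library is used.

```python
# Added illustration: sample messages are constructed, function names are hypothetical.
from email import message_from_string
from email.utils import parseaddr

PKCS7_MIME = ("application/pkcs7-mime", "application/x-pkcs7-mime")
PKCS7_SIG = ("application/pkcs7-signature", "application/x-pkcs7-signature")

def smime_kind(raw):
    """Classify the outer MIME layer: signed, encrypted, certs-only, unknown or other."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        # Detached signature: the signature part is a CMS SignedData blob,
        # which is where the signer's certificate normally travels.
        proto = str(msg.get_param("protocol") or "").lower()
        return "signed" if proto in PKCS7_SIG else "other"
    if ctype in PKCS7_MIME:
        # enveloped-data holds per-recipient encrypted keys, normally
        # without the sender's certificate.
        smime_type = str(msg.get_param("smime-type") or "").lower()
        return {"signed-data": "signed",
                "enveloped-data": "encrypted",
                "certs-only": "certs-only"}.get(smime_type, "unknown")
    return "other"

def senders_with_usable_cert(raw_messages):
    """Sender addresses whose mail can carry their certificate (signed or certs-only)."""
    found = []
    for raw in raw_messages:
        if smime_kind(raw) in ("signed", "certs-only"):
            addr = parseaddr(message_from_string(raw).get("From", ""))[1]
            if addr and addr not in found:
                found.append(addr)
    return found

# Constructed samples; bodies are placeholders, not real CMS data.
SIGNED = ('From: Alice <alice@example.org>\n'
          'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
          ' micalg=sha-256; boundary="b1"\n\n--b1\nContent-Type: text/plain\n\nhello\n'
          '--b1\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n\n'
          '(placeholder)\n--b1--\n')
ENCRYPTED = ('From: dave@example.org\nContent-Type: application/pkcs7-mime;'
             ' smime-type=enveloped-data; name="smime.p7m"\n\n(placeholder)\n')
OPAQUE_SIGNED = ('From: carol@example.org\nContent-Type: application/pkcs7-mime;'
                 ' smime-type=signed-data; name="smime.p7m"\n\n(placeholder)\n')

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("encrypted", ENCRYPTED),
                      ("opaque signed", OPAQUE_SIGNED)):
        print(f"{name:14} -> {smime_kind(raw)}")
    print(senders_with_usable_cert([ENCRYPTED, SIGNED, OPAQUE_SIGNED]))
```

A message that was signed and then encrypted reports as encrypted here, because the signature layer only becomes visible after decryption.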