S/MIME issue with outlook 2013 - where are pub certs stored?

Hi Folks,

We’re using the latest stable Kopano Pro with Outlook 2013 users with KOE. Outlook is set to encrypt all outgoing mails. Quite often, Outlook encrypts outgoing mails in a way that they are not readable anymore, neither for the sender nor the receiver. We suspect that Outlook is getting wrong certs for recipients from somewhere and then messing it up. Where are the pub certs saved in a Kopano environment? If I check in WebApp, I see a lot of certs present for users. Where are they stored and how are they made available to clients like Outlook?

Thank you.

stefan

Hi @plzk-de ,

with or without Outlook (you write without in the thread title)?

Generally speaking we don’t influence how Outlook handles signature storage and signing/encrypting mails when using s/mime. So certificates imported to the WebApp cannot be used in Outlook.

The way that Outlook stores certificates is as an additional value as part of the person’s entry in your addressbook.

Please have in mind (as shown in the client comparison brochure) that Outlook won’t be able to read encrypted messages from the sent items (client limitation).

@fbartels said in S/MIME issue without outlook 2013 - where are pub certs stored?:

Thank you. The brochure is outdated. Why the heck is there no document date?

Credentials additional
accounts required opening additional accounts…

So using Outlook, we cannot read sent mails.
When using WebApp we cannot encrypt received mails from Outlook. Seriously?

@plzk-de said in S/MIME issue with outlook 2013 - where are pub certs stored?:

The brochure is outdated

Why do you think it’s outdated? It was actually updated last month.

@plzk-de said in S/MIME issue with outlook 2013 - where are pub certs stored?:

Credentials additional
accounts required opening additional accounts…

What do you want to tell us with this?

@plzk-de said in S/MIME issue with outlook 2013 - where are pub certs stored?:

When using webApp we can not encrypt received mails from outlook.

Do you have steps to reproduce this? Which version of the S/MIME plugin are you using?

It’s outdated because it states that you need credentials of foreign accounts to open them. With KOE you can open remote folders without having credentials. So that’s why it’s outdated.

It’s in your ticket system - fixed in the beta of the S/MIME WebApp plugin - but this has still been beta for half a year.

We reported this almost a year ago.

https://jira.kopano.io/browse/KSP-88

@plzk-de said in S/MIME issue with outlook 2013 - where are pub certs stored?:

you need credentials of foreign accounts to open them

If you want to open a full account you still need these added credentials. What you are talking about is opening individual folders. This indeed works and is also listed as a feature.

@plzk-de said in S/MIME issue with outlook 2013 - where are pub certs stored?:

we reported this almost a year ago.
https://jira.kopano.io/browse/KSP-88

Yes, and the ticket is fixed and the version it states to include the fix has also been released.

@fbartels

Please have in mind (as shown in the client comparison brochure) that Outlook won’t be able to read encrypted messages from the sent items (client limitation).

I cannot confirm this and think there is some misunderstanding, and probably the source of our problem.
I can send an encrypted email from Outlook 2013 over Kopano to some recipients and read the mail in Sent Items. See:
https://technet.microsoft.com/en-us/library/aa997803(v=exchg.65).aspx?f=255&MSPPError=-2147217396

All it needs is the private key of the sender, as Outlook creates a “local copy” - encrypted with the public key of the sender.

@fbartels said in S/MIME issue with outlook 2013 - where are pub certs stored?:

Generally speaking we don’t influence how Outlook handles signature storage and signing/encrypting mails when using s/mime. So certificates imported to the WebApp cannot be used in Outlook.

But you are saying here
https://forum.kopano.io/topic/740/use-smime-certificates-without-ldap-or-ad/8?loggedin=true

that “The public certs are not stored in the user backend, but in the store.”

As my Outlook has not a single addressbook entry but still can encrypt outgoing mails, the public certs must be coming from somewhere.

@plzk-de said in S/MIME issue with outlook 2013 - where are pub certs stored?:

As my Outlook has not a single addressbook entry but still can encrypt outgoing mails, the public certs must be coming from somewhere.

I don’t see where I was saying contradicting things. To my knowledge Outlook is storing public keys in the contacts. If you don’t have contacts then it indeed must be coming from somewhere else, but that is more of an Outlook topic than a Kopano one.
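
To see which certificates an unreadable message was actually encrypted to, the recipient list inside the S/MIME body can be read directly. The following is an added example, not part of any post in this thread and not Kopano or Outlook code: stdlib-only Python that lists the certificate serial numbers in the RecipientInfos of a DER-encoded CMS EnvelopedData (the decoded `smime.p7m`). `sample_message` and the serials passed to it are constructed test data, and only key-transport recipients identified by issuer and serial number are handled.

```python
ENVELOPED_DATA = bytes.fromhex("2a864886f70d010703")  # OID 1.2.840.113549.1.7.3

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite-length BER is not handled")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):  # split a constructed element into (tag, content) pairs
    pos, out = 0, []
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        out.append((tag, value))
    return out

def recipient_serials(der):
    """Serial numbers of the certificates an EnvelopedData was encrypted to."""
    content_type, wrapped = children(read_tlv(der, 0)[1])[:2]
    if content_type[1] != ENVELOPED_DATA:
        raise ValueError("not CMS EnvelopedData")
    enveloped = children(children(wrapped[1])[0][1])
    infos = next(v for t, v in enveloped if t == 0x31)  # SET OF RecipientInfo
    serials = []
    for tag, info in children(infos):
        # Only KeyTransRecipientInfo (0x30) with issuerAndSerialNumber (0x30) is read.
        rid_tag, rid = children(info)[1] if tag == 0x30 else (None, b"")
        if rid_tag == 0x30:
            serials.append(int.from_bytes(children(rid)[1][1], "big"))
    return serials

def tlv(tag, content):  # DER encoder, used only to build the constructed sample
    n, size = len(content), (len(content).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def sample_message(serials):  # constructed EnvelopedData, one recipient per serial
    issuer = tlv(0x30, tlv(0x31, tlv(0x30, tlv(6, b"\x55\x04\x03") + tlv(12, b"Example CA"))))
    rsa = tlv(0x30, tlv(6, bytes.fromhex("2a864886f70d010101")) + tlv(5, b""))
    infos = b"".join(tlv(0x30, tlv(2, b"\x00") + tlv(0x30, issuer + tlv(
        2, s.to_bytes(s.bit_length() // 8 + 1, "big"))) + rsa + tlv(4, bytes(256))) for s in serials)
    aes = tlv(0x30, tlv(6, bytes.fromhex("60864801650304012a")) + tlv(4, bytes(16)))
    body = tlv(0x30, tlv(6, bytes.fromhex("2a864886f70d010701")) + aes + tlv(0x80, bytes(32)))
    return tlv(0x30, tlv(6, ENVELOPED_DATA) + tlv(0xA0, tlv(0x30, tlv(2, b"\x00") + tlv(0x31, infos) + body)))
```

Comparing the returned serials with the serial of the sender's own certificate and of each recipient's current certificate shows who holds a key that can open the message: a mailbox whose certificate serial is not in the list cannot decrypt it.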