smime support

Talk about anything that doesn't fit in the other catagories :) (and of course is about Group-Office)

Moderator: Developers

vogtj
Posts: 1
Joined: Wed Aug 22, 2012 8:36 pm

smime support

Postby vogtj » Wed Aug 22, 2012 8:50 pm

I installed Groupoffice version 4.0.89 to test smime-support, but I can not find any possibility to use or activate it. Do I have to install any module?

System: Linux dd12206 2.6.32-41-server #91-Ubuntu SMP Wed Jun 13 11:58:56 UTC 2012 x86_64
PHP Version 5.3.13-nmm1
OpenSSL Library Version: OpenSSL 0.9.8k 25 Mar 2009

Thanks for help!

Jo
mschering
Site Admin
Site Admin
Posts: 8333
Joined: Tue Apr 20, 2004 1:06 pm
Location: The Netherlands - Den Bosch
Contact:

Re: smime support

Postby mschering » Wed Aug 29, 2012 2:07 pm

I've written some docs about it:

http://wiki4.group-office.com/wiki/E-mail#SMIME
Best regards,

Merijn Schering
Intermesh
groupxx
Posts: 4
Joined: Tue Dec 18, 2012 10:00 am

Re: smime support

Postby groupxx » Tue Dec 25, 2012 3:24 pm

Realy unfortunate that GO doesn't use simple PGP (inline/MIME) but S-MIME.
I do not want to register anywhere to get a certificate.
So I created my own one.

But as exptected it doesn't work and I get
"Notice: Undefined variable: certData in /tmp/GO/modules/smime/controller/CertificateController.php on line 90"
and
"error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error"

Can I make GO more relaxed about the certificates or simply disable the test, import the certs by hand, force the import etc., or import my root-cert somewhere?

Any help would be nice.
groupxx
Posts: 4
Joined: Tue Dec 18, 2012 10:00 am

Re: smime support

Postby groupxx » Fri Dec 28, 2012 11:18 am

Intermesh wrote:I've written some docs about it:

http://wiki4.group-office.com/wiki/E-mail#SMIME

Is there some plan to go to pgp/mime?
Getting S-Mime Certs is a horror. Just tried with startcom.
They insist on your privat telefon number, which is unacceptable.
And of course WebPG 0.9.0 doesn't work either. (crashes in FF 17.x)
mschering
Site Admin
Site Admin
Posts: 8333
Joined: Tue Apr 20, 2004 1:06 pm
Location: The Netherlands - Den Bosch
Contact:

Re: smime support

Postby mschering » Fri Jan 04, 2013 12:32 pm

No you have to use real certificates. You can get one easily from comodo.
Best regards,

Merijn Schering
Intermesh
dxisto
Posts: 17
Joined: Fri Jun 29, 2012 3:16 pm

Re: smime support

Postby dxisto » Wed Jun 19, 2013 3:28 pm

I'm getting this error:
"The certificate is invalid!
error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error"

Do you have an example of smime_root_cert_location parameter in config.php file?
I'm in Brazil and I think I need to include ICP-B root certificates for verification work, but I don't know how to do that.
I already tried to download http://acraiz.icpbrasil.gov.br/ICP-Brasilv3.crt and specified this file in smime_root_cert_location but didn't work.
And another question: Is it possible to include multiple root files?

Thank you in advance.
mschering
Site Admin
Site Admin
Posts: 8333
Joined: Tue Apr 20, 2004 1:06 pm
Location: The Netherlands - Den Bosch
Contact:

Re: smime support

Postby mschering » Thu Jun 20, 2013 3:02 pm

You can put that file on the server and put the path in the config option.

GO will pass it as "extracerts" parameter to this function:

http://php.net/manual/en/function.opens ... 7-sign.php
Best regards,

Merijn Schering
Intermesh
dxisto
Posts: 17
Joined: Fri Jun 29, 2012 3:16 pm

Re: smime support

Postby dxisto » Fri Jun 21, 2013 12:48 pm

First of all, thank you for your reply.
I did that and now it worked for some certificates.
But here in Brazil, the root certificate chain provider uses different version of their root file, for example:
- http://acraiz.icpbrasil.gov.br/ICP-Brasilv3.crt
- http://acraiz.icpbrasil.gov.br/ICP-Brasilv2.crt
- http://acraiz.icpbrasil.gov.br/ICP-Brasilv1.crt
Is there any way to pass these three certificates as extracerts instead of just one?
mschering
Site Admin
Site Admin
Posts: 8333
Joined: Tue Apr 20, 2004 1:06 pm
Location: The Netherlands - Den Bosch
Contact:

Re: smime support

Postby mschering » Fri Jun 21, 2013 1:16 pm

Yes, you can pass the directory with the certs.
Best regards,

Merijn Schering
Intermesh

Who is online

Users browsing this forum: No registered users and 1 guest

cron