Mirrors/FairEmail
1
0
Fork 0
mirror of https://github.com/M66B/FairEmail.git synced 2025-12-11 17:29:48 +01:00
Code Issues Packages Projects Releases Wiki Activity

Updated FAQ

Browse Source
This commit is contained in:
M66B
2025-02-07 17:53:24 +01:00
parent 5e1c70adb6
commit f61f214b2a
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
FAQ.md
View File

@@ -1123,6 +1123,12 @@ Your certificate > zero or more intermediate certificates > CA (root) certificat
Note that a certificate chain will always be invalid when no anchor certificate can be found in the Android key store,
which is fundamental to S/MIME certificate validation.
This means that your private key should include all intermediate certificates (but not the root certificate).
This command might be useful for that:
```
openssl pkcs12 -export -in certificatechain.crt -inkey private.key -out certificate.pfx
```
Please see [here](https://support.google.com/pixelphone/answer/2844832?hl=en) how you can import certificates into the Android key store.

3
index.html
View File

@@ -783,7 +783,8 @@ openssl pkcs12 -export -legacy -in certbag.pem &gt;legacy.p12</code></pre>
<p>In case the certificate chain is incorrect, you can tap on the little info button to show the all certificates. After the certificate details the issuer or “selfSign” is shown. A certificate is self signed when the subject and the issuer are the same. Certificates from a certificate authority (CA) are marked with “<a href="https://tools.ietf.org/html/rfc5280#section-4.2.1.3">keyCertSign</a>”. You can find the description of other key usage bits, like <em>cRLSign</em>, via this same link. Certificates found in the Android key store are marked with “Android”.</p>
<p>A valid chain looks like this:</p>
<pre><code>Your certificate &gt; zero or more intermediate certificates &gt; CA (root) certificate marked with &quot;Android&quot;</code></pre>
<p>Note that a certificate chain will always be invalid when no anchor certificate can be found in the Android key store, which is fundamental to S/MIME certificate validation.</p>
<p>Note that a certificate chain will always be invalid when no anchor certificate can be found in the Android key store, which is fundamental to S/MIME certificate validation. This means that your private key should include all intermediate certificates (but not the root certificate). This command might be useful for that:</p>
<pre><code>openssl pkcs12 -export -in certificatechain.crt -inkey private.key -out certificate.pfx</code></pre>
<p>Please see <a href="https://support.google.com/pixelphone/answer/2844832?hl=en">here</a> how you can import certificates into the Android key store.</p>
<p>The use of expired keys, inline encrypted/signed messages and hardware security tokens is not supported.</p>
<p>If you are looking for a free (test) S/MIME certificate, see <a href="http://kb.mozillazine.org/Getting_an_SMIME_certificate">here</a> for the options. Please be sure to <a href="https://davidroessli.com/logs/2019/09/free-smime-certificates-in-2019/#update20191219">read this first</a> if you want to request an S/MIME Actalis certificate.</p>