We recently upgraded Ciphermail from a 3.x version (cannot recall which version) to 4.1.3. Since doing so, we're getting Tomcat 404 errors at https://server.fqdn:8443/ciphermail/. I'm looking for some help troubleshooting this if anyone has some insight.
The server is running Ubuntu Server 16.04, we're using the deb packages from the website, and using Tomcat 7. This server has nothing else installed on it and the OS is fully up to date.
catalina.out says that /usr/share/djigzo-web/conf/spring/spring.properties.d is not a directory, but it is. Here's catalina.out after a restart of tomcat and an ls of /usr/share/djigzo-web/conf/spring/spring.properties.d:
root@ciphermail:/var/log/tomcat7# cat catalina.out
Dec 26, 2018 12:50:55 PM org.apache.coyote.AbstractProtocol pause
INFO: Pausing ProtocolHandler ["http-bio-8443"]
Dec 26, 2018 12:50:55 PM org.apache.catalina.core.StandardService stopInternal
INFO: Stopping service Catalina
Dec 26, 2018 12:50:56 PM org.apache.coyote.AbstractProtocol stop
INFO: Stopping ProtocolHandler ["http-bio-8443"]
Dec 26, 2018 12:50:56 PM org.apache.coyote.AbstractProtocol destroy
INFO: Destroying ProtocolHandler ["http-bio-8443"]
Dec 26, 2018 12:50:56 PM org.apache.catalina.startup.ClassLoaderFactory validateFile
WARNING: Problem with directory [/usr/share/tomcat7/common/classes], exists: [false], isDirectory: [false], canRead: [false]
Dec 26, 2018 12:50:56 PM org.apache.catalina.startup.ClassLoaderFactory validateFile
WARNING: Problem with directory [/usr/share/tomcat7/common], exists: [false], isDirectory: [false], canRead: [false]
Dec 26, 2018 12:50:56 PM org.apache.catalina.startup.ClassLoaderFactory validateFile
WARNING: Problem with directory [/usr/share/tomcat7/server/classes], exists: [false], isDirectory: [false], canRead: [false]
Dec 26, 2018 12:50:56 PM org.apache.catalina.startup.ClassLoaderFactory validateFile
WARNING: Problem with directory [/usr/share/tomcat7/server], exists: [false], isDirectory: [false], canRead: [false]
Dec 26, 2018 12:50:56 PM org.apache.catalina.startup.ClassLoaderFactory validateFile
WARNING: Problem with directory [/usr/share/tomcat7/shared/classes], exists: [false], isDirectory: [false], canRead: [false]
Dec 26, 2018 12:50:56 PM org.apache.catalina.startup.ClassLoaderFactory validateFile
WARNING: Problem with directory [/usr/share/tomcat7/shared], exists: [false], isDirectory: [false], canRead: [false]
Dec 26, 2018 12:50:57 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8443"]
Dec 26, 2018 12:50:58 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1005 ms
Dec 26, 2018 12:50:58 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
Dec 26, 2018 12:50:58 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.68 (Ubuntu)
Dec 26, 2018 12:50:58 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor /etc/tomcat7/Catalina/localhost/ciphermail.xml
Dec 26, 2018 12:51:07 PM org.apache.catalina.startup.TldConfig execute
INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
[26 Dec 2018 12:51:08 localhost-startStop-1] INFO Root WebApplicationContext: initialization started (org.springframework.web.context.ContextLoader)
[26 Dec 2018 12:51:08 localhost-startStop-1] INFO Refreshing Root WebApplicationContext: startup date [Wed Dec 26 12:51:08 EST 2018]; root of context hierarchy (org.springframework.web.context.support.XmlWebApplicationContext)
[26 Dec 2018 12:51:08 localhost-startStop-1] INFO Loading XML bean definitions from ServletContext resource [/WEB-INF/spring.xml] (org.springframework.beans.factory.xml.XmlBeanDefinitionReader)
[26 Dec 2018 12:51:08 localhost-startStop-1] INFO You are running with Spring Security Core 3.2.5.RELEASE (org.springframework.security.core.SpringSecurityCoreVersion)
[26 Dec 2018 12:51:08 localhost-startStop-1] INFO Spring Security 'config' module version is 3.2.5.RELEASE (org.springframework.security.config.SecurityNamespaceHandler)
[26 Dec 2018 12:51:08 localhost-startStop-1] INFO Checking sorted filter chain: [Root bean: class [org.springframework.security.web.context.SecurityContextPersistenceFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 200, Root bean: class [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 400, <bannedAuthenticationProcessingFilter>, order = 1100, Root bean: class [org.springframework.security.web.savedrequest.RequestCacheAwareFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1600, Root bean: class [org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1700, Root bean: class [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 2000, Root bean: class [org.springframework.security.web.session.SessionManagementFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 2100, Root bean: class [org.springframework.security.web.access.ExceptionTranslationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 2200, <org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0>, order = 2300] (org.springframework.security.config.http.HttpSecurityBeanDefinitionParser)
[26 Dec 2018 12:51:08 localhost-startStop-1] INFO Destroying singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@23d6724f: defining beans [mitm.application.djigzo.service.FilePropertyPlaceholderConfigurer#0,authenticationEntryPoint,bannedAuthenticationProcessingFilter,org.springframework.security.authentication.dao.DaoAuthenticationProvider#0,org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0,org.springframework.security.authenticationManager,org.springframework.security.filterChains,org.springframework.security.filterChainProxy,org.springframework.security.web.DefaultSecurityFilterChain#0,org.springframework.security.web.DefaultSecurityFilterChain#1,org.springframework.security.web.DefaultSecurityFilterChain#2,org.springframework.security.web.DefaultSecurityFilterChain#3,org.springframework.security.web.DefaultSecurityFilterChain#4,org.springframework.security.web.DefaultSecurityFilterChain#5,org.springframework.security.web.DefaultSecurityFilterChain#6,org.springframework.security.web.DefaultSecurityFilterChain#7,org.springframework.security.web.DefaultSecurityFilterChain#8,org.springframework.security.web.PortMapperImpl#0,org.springframework.security.web.PortResolverImpl#0,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0,org.springframework.security.authentication.ProviderManager#0,org.springframework.security.web.context.HttpSessionSecurityContextRepository#0,org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy#0,org.springframework.security.web.savedrequest.HttpSessionRequestCache#0,org.springframework.security.access.vote.AffirmativeBased#0,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0,org.springframework.security.authentication.AnonymousAuthenticationProvider#0,org.springframework.security.userDetailsServiceFactory,org.springframework.security.web.DefaultSecurityFilterChain#9,adminPasswordEncoder,portalPasswordEncoder,userDetailsService,authenticationEventListener,jobScheduler]; root of factory hierarchy (org.springframework.beans.factory.support.DefaultListableBeanFactory)
[26 Dec 2018 12:51:08 localhost-startStop-1] ERROR Context initialization failed (org.springframework.web.context.ContextLoader)
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'mitm.application.djigzo.service.FilePropertyPlaceholderConfigurer#0' defined in ServletContext resource [/WEB-INF/spring.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [mitm.application.djigzo.service.FilePropertyPlaceholderConfigurer]: Constructor threw exception; nested exception is java.lang.IllegalArgumentException: /usr/share/djigzo-web/conf/spring/spring.properties.d is not a directory.
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:285)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1075)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:979)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:487)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:296)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:293)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:198)
at org.springframework.context.support.AbstractApplicationContext.invokeBeanFactoryPostProcessors(AbstractApplicationContext.java:657)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:461)
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:410)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5068)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5584)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:147)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:899)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:875)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:652)
at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:677)
at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1962)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [mitm.application.djigzo.service.FilePropertyPlaceholderConfigurer]: Constructor threw exception; nested exception is java.lang.IllegalArgumentException: /usr/share/djigzo-web/conf/spring/spring.properties.d is not a directory.
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:163)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:121)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:277)
... 26 more
Caused by: java.lang.IllegalArgumentException: /usr/share/djigzo-web/conf/spring/spring.properties.d is not a directory.
at mitm.application.djigzo.service.FilePropertyPlaceholderConfigurer.setDirectory(FilePropertyPlaceholderConfigurer.java:81)
at mitm.application.djigzo.service.FilePropertyPlaceholderConfigurer.<init>(FilePropertyPlaceholderConfigurer.java:63)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:148)
... 28 more
Dec 26, 2018 12:51:08 PM org.apache.catalina.core.StandardContext startInternal
SEVERE: One or more listeners failed to start. Full details will be found in the appropriate container log file
Dec 26, 2018 12:51:08 PM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/ciphermail] startup failed due to previous errors
Dec 26, 2018 12:51:08 PM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deployment of configuration descriptor /etc/tomcat7/Catalina/localhost/ciphermail.xml has finished in 10,482 ms
Dec 26, 2018 12:51:08 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory /var/lib/tomcat7/webapps/ROOT
Dec 26, 2018 12:51:08 PM org.apache.catalina.core.StandardContext setPath
WARNING: A context path must either be an empty string or start with a '/' and do not end with a '/'. The path [/] does not meet these criteria and has been changed to []
Dec 26, 2018 12:51:08 PM org.apache.catalina.startup.TldConfig execute
INFO: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
Dec 26, 2018 12:51:08 PM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deployment of web application directory /var/lib/tomcat7/webapps/ROOT has finished in 273 ms
Dec 26, 2018 12:51:08 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8443"]
Dec 26, 2018 12:51:08 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 10811 ms
root@ciphermail:/var/log/tomcat7# ls -l /usr/share/djigzo-web/conf/spring/spring.properties.d
total 4
-rw-r--r-- 1 djigzo djigzo 99 Aug 13 04:23 README.txt
root@ciphermail:/var/log/tomcat7# ls -l /usr/share/djigzo-web/conf/spring
total 16
drwxr-xr-x 2 djigzo djigzo 4096 Dec 22 00:00 portal.spring.d
drwxr-xr-x 2 djigzo djigzo 4096 Dec 22 00:00 portal.spring.properties.d
drwxr-xr-x 2 djigzo djigzo 4096 Dec 22 00:00 spring.d
drwxr-xr-x 2 djigzo djigzo 4096 Dec 22 00:00 spring.properties.d
Todd R. James<mailto:trj@h2law.com>
Systems Architect
450 West Fourth Street, Royal Oak, MI 48067
E: trj(a)h2law.com<mailto:trj@h2law.com>
D: 248.723.0544<tel:248.723.0544> F: 248.645.1568<tel:248.645.1568>
[cid:hh_logo_sig_f80700f2-1c72-4801-9140-230a5fc86422.png]<https://howardandhoward.com>
NOTICE: Information contained in this transmission to the named addressee is proprietary information and is subject to attorney-client privilege and work product confidentiality. If the recipient of this transmission is not the named addressee, the recipient should immediately notify the sender and destroy the information transmitted without making any copy or distribution thereof.
ELECTRONIC SIGNATURE: Nothing contained in this communication is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message.
On 06-12-18 09:06, Weppert Juergen wrote:
> great! Now it is working. Thanks a lot.
> I just have one more question. How can i see in the logs which certificate was used for decryption?
This is not logged. What should be logged and not logged is always a
tradeoff between logging to much and logging too little. Logging the
certificate details will add substantial information to the logs. An
email might even be encrypted with several certificates, for example a
recipient can have multiple certificates or there can be multiple
recipients. If logging which certificates are being used is a
requirement, it might be possible to add an additional rule to the mail
flow (this requires some coding however).
Kind regards,
Martijn Brinkers
> -----Ursprüngliche Nachricht-----
> Von: Martijn Brinkers [mailto:martijn@ciphermail.com]
> Gesendet: Montag, 3. Dezember 2018 12:59
> An: Weppert Juergen <Juergen.Weppert(a)mediakom-online.de>
> Betreff: Re: AW: AW: AW: [CipherMail User] S/Mime domain certificate
>
> You have enabled S/MIME strict mode. This will check whether there is a match between recipient address and email address in the email. This will not work for domain certificates without additional config (it should work if strict mode is not enabled). You need to explicitly tell the gateway that a domain certificate is used for that domain.
>
> Please try to add the domain certificate to the domain mediakom-online.de
>
> So open settings for domain mediakom-online.de, then "S/MIME -> encryption certificates" and select the domain certificate.
>
> Kind regards,
>
> Martijn Brinkers
>
> On 03-12-18 12:49, Weppert Juergen wrote:
>> Hello,
>>
>> her are the relevant log lines.
>>
>> 03 Dec 2018 10:45:38 | INFO incoming; MailID:
>> 63aa8793-84c2-470d-9322-1378313de4a7; Recipients:
>> [juergen.weppert(a)mediakom-online.de]; Originator:
>> michael.hengst(a)hkk.de; Sender: michael.hengst(a)hkk.de; Remote address:
>> x.x.x.x; Subject: AW: Mailverschlüsselung; Message-ID:
>> <518A63CC64BC574E9671E278570CF549C9E1969A-TvXsAYlA(a)s9103p051.hkk.lokal
>>> ; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #2]
>> 03 Dec 2018 10:45:38 | INFO Subject filter is disabled for the sender;
>> MailID: 63aa8793-84c2-470d-9322-1378313de4a7; Recipients:
>> [juergen.weppert(a)mediakom-online.de]
>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
>> 03 Dec 2018 10:45:38 | INFO To internal recipient(s); MailID:
>> 63aa8793-84c2-470d-9322-1378313de4a7; Recipients:
>> [juergen.weppert(a)mediakom-online.de]
>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
>> 03 Dec 2018 10:45:38 | INFO "S/MIME strict mode" is enabled for the
>> recipient(s); MailID: 63aa8793-84c2-470d-9322-1378313de4a7;
>> Recipients: [juergen.weppert(a)mediakom-online.de]
>> (mitm.application.djigzo.james.mailets.Default) [Spool Thread #2]
>> 03 Dec 2018 10:45:38 | WARN S/MIME decryption key not found; MailID:
>> 63aa8793-84c2-470d-9322-1378313de4a7; Message: A suitable decryption
>> key could not be found. CMS Recipients: CN=evp.mediakom-online.de,
>> OU=IT, O=MediaKom GmbH, L=Aschau, ST=Bayern,
>> C=DE/92D94935F132BCB//1.2.840.113549.1.1.1
>> (mitm.common.security.smime.handler.SMIMEHandler) [Spool Thread #2]
>> 03 Dec 2018 10:45:38 | INFO Message handling is finished. Sending to
>> final recipient(s); MailID: 63aa8793-84c2-470d-9322-1378313de4a7;
>> Recipients: [juergen.weppert(a)mediakom-online.de]; Originator:
>> michael.hengst(a)hkk.de; Sender: michael.hengst(a)hkk.de; Remote address:
>> x.x.x.x; Subject: AW: Mailverschlüsselung; Message-ID:
>> <518A63CC64BC574E9671E278570CF549C9E1969A-TvXsAYlA(a)s9103p051.hkk.lokal
>>> ; (mitm.application.djigzo.james.mailets.Log) [Spool Thread #1]
>>
>>
>> I have no personal S/Mime certificate so i think the warning is because no certificate matches my email address.
>>
>> Kind regards
>>
>> Jürgen Weppert
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: Martijn Brinkers [mailto:martijn@ciphermail.com]
>> Gesendet: Montag, 3. Dezember 2018 12:38
>> An: Weppert Juergen <Juergen.Weppert(a)mediakom-online.de>
>> Betreff: Re: AW: AW: [CipherMail User] S/Mime domain certificate
>>
>> In that case the MPA log should provide more information.
>>
>> Can you provide the relevant log lines from the MPA log? It should tell exactly what happens when it handles the incoming email.
>>
>> Kind regards,
>>
>> Martijn Brinkers
>>
>> On 03-12-18 12:35, Weppert Juergen wrote:
>>> Hello,
>>>
>>> yes i imported the certificate and the private key.
>>> Yes the domain is internal.
>>>
>>> Kind regards
>>>
>>> Jürgen Weppert
>>>
>>>
>>>
>>> -----Ursprüngliche Nachricht-----
>>> Von: Martijn Brinkers [mailto:martijn@ciphermail.com]
>>> Gesendet: Montag, 3. Dezember 2018 12:15
>>> An: Weppert Juergen <Juergen.Weppert(a)mediakom-online.de>
>>> Betreff: Re: AW: [CipherMail User] S/Mime domain certificate
>>>
>>>
>>>
>>> On 03-12-18 11:19, Weppert Juergen wrote:
>>>> Hello,
>>>>
>>>> thanks for your feedback.
>>>>
>>>> For example, our Domain is mediakom-online.de and the domain of our
>>>> partner is test.de. I added a new domain "test.de" and selected
>>>> their certificate to encrypt Emails send tot hat domain. And that
>>>> works fine. But emails send from "test.de" to us are encrypted with
>>>> our domain certificate. I importet our certificate only under
>>>> "Certificates", is this OK?
>>>
>>> Are you absolutely certain that you imported the certificate *and*
>>> private key? (i.e., imported a password protected p12 or pfx file)
>>>
>>>
>>>> But Ciphermail does not decrypt emails send to us. Must i select our
>>>> certificate under our domain in ciphermail as you descriped below?
>>>
>>> Incoming email will be decrypted automaically if the recipient domain is set as an "Internal" domain *and* if there is a private key on the gateway which can be used to decrypt the email.
>>>
>>> So
>>>
>>> 1. Check if there is a valid private key available 2. Check if your
>>> domain is configured as an Internal domain (i.e., locality is set to
>>> "Internal")
>>>
>>> Kind regards,
>>>
>>> Martijn Brinkers
>>>
>>>
>>>> -----Ursprüngliche Nachricht----- Von: Users
>>>> [mailto:users-bounces@lists.ciphermail.com] Im Auftrag von Martijn
>>>> Brinkers via Users Gesendet: Montag, 3. Dezember 2018 09:40 An:
>>>> users(a)lists.ciphermail.com Betreff: Re: [CipherMail User] S/Mime
>>>> domain certificate
>>>>
>>>> On 30-11-18 13:09, Weppert Juergen via Users wrote:
>>>>> how can i use S/Mime encryption/decryption with an domain
>>>>> certificate but only with one external partner (other domain)?
>>>>> Emails to other recipients must be encrypted with their personal
>>>>> S/Mime certificate.
>>>>
>>>> I assume you are talking about using a domain certificate for the
>>>> external domain? (and not a domain certificate for signing).
>>>>
>>>> If so, you need to add the external domain, then on the domain
>>>> settings select "S/MIME -> encryption certificates" and select the
>>>> certificate you want to use for that external domain.
>>>>
>>>> Kind regards,
>>>>
>>>> Martijn Brinkers
>>>>
>>>> -- CipherMail email encryption
>>>>
>>>> Email encryption with support for S/MIME, OpenPGP, PDF encryption
>>>> and secure webmail pull.
>>>> _______________________________________________
>>>> Users mailing list Users(a)lists.ciphermail.com
>>>> https://lists.ciphermail.com/mailman/listinfo/users
>>>>
>>>
>>> --
>>> CipherMail email encryption
>>>
>>> Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull.
>>>
>>
>> --
>> CipherMail email encryption
>>
>> Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull.
>>
>
> --
> CipherMail email encryption
>
> Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull.
>
--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and
secure webmail pull.
Hello,
how can i use S/Mime encryption/decryption with an domain certificate but only with one external partner (other domain)?
Emails to other recipients must be encrypted with their personal S/Mime certificate.
With kind regards
Jürgen Weppert
