thanks for your answer.
Am 18.10.2018 um 12:42 Uhr schrieb Martijn Brinkers via Users:
Outgoing email will be S/MIME encrypted with all valid
the user. If a domain certificate has been setup for the recipient and
the certificate is valid, the email will be encrypted with the domain
certificate. If the user also has a personal certificate (i.e., issued
for his/her email address), then the email will *also* be encrypted with
the user certificate (i.e., the email will be encrypted with the domain
certificate *and* the personal certificate).
The gateway dynamically finds the certificates for a recipient (i.e., it
will check the domain and check if there is a personal certificate). If
you want to see which certificates are available for a recipient, you
need to add this recipient first. The click on the details for the
recipient (click on the email address). On the "Edit user: .." page,
click S/MIME and then from the pull down menu, select "encryption
certificates". You should now get an overview of all the S/MIME
certificates for the recipient.
Certificates are colored depending on whether the certificate is valid,
auto selected, inherited etc.
Green means the certificate is valid and auto selected (only if the
email address matches). Yellow means it's inherited (from the domain).
looks pretty right in the admin GUI.
See the following page for more information
What is important to know is that a certificate will only be used if the
certificate is trusted.
We checked this before. We made all the example.com
Is there any debug log to the see that this actually happenend?
Everything in the admin GUI looks OK. The certificat for
john(a)example.com is the yellow "inherited" one from the domain setting.
The admin at example.com
says, the cannot decrypt the message.
The admin as a cert himself. He can read all my encrypted mails.