This would require the root CA already in the store?
I was looking for a way to find out where to look for
a download for
example if a certificate arrives with no matching root CA until now.
Is there some URL included in the cert data which contain a path to
the issuer CAs.
Unfortunately afaik there is not standard way to provide a URL to the
issuer. With the well known CAs in most cases it's easy to find out but
with company generated CAs it's not always clear where to get the CA
from. Djigzo will always include to root certificate to make sure that
the receiving end always gets the root as well (not that this helps in
your case because the sender was probably not using Djigzo).
Djigzo open source email encryption