HelloThe way is correct, but HARICA has a seperate certificate chain for S/MIME certificates.
Therefore you need not the ones from your firefox browser.
You can download the chain from HARICA itself. I added them as attachments, but don't know if they go through this list.Then seperate them into single intermediate certificates, and place them into /usr/local/share/ca-certificates.
Now you can run update-ca-certificates and are done. Kind regards, Christian MackAm 28.10.25 um 13:56 schrieb Andreas Bauer ([email protected]):
Dear all, Our university, like most in Germany, has (not so) recently changed their certificate issuer from GEANT to Harica. I see that there are all sorts of Harica root and intermediate certificates included in my browser's certificate store (firefox). However, when I receive a mail signed with a Harica-issued SMIME-certificate, SOGo says that the verification of said email signature failed. I'm guessing this is because Harica's root and intermediate certificates are not installed. However, I fail to see how I can add these to SOGo. I have tried copying them to /usr/loca/share/ca-certificates and then run update-certificates, but to no avail. I'm also guessing I've missed some obvious documentation or am making a stupid mistake, but I'm really thumped to be honest. Any insights to this are much appreciated. Thanks, Andreas.
-- Christian Mack Universität Konstanz Kommunikations-, Informations-, Medienzentrum (KIM) Abteilung IT-Dienste Forschung, Lehre, Infrastruktur 78457 Konstanz +49 7531 88-4416
HARICA-SMIME-RSA.crt
Description: application/pkix-cert
HARICA-GEANT-SMIME-R1.crt
Description: application/pkix-cert
HARICA-Client-Root-2021-RSA.crt
Description: application/pkix-cert
smime.p7s
Description: Kryptografische S/MIME-Signatur
