Apparently there is a problem with SHA2 S/MIME certs:
“Public key algorithm of certificate ‘Subject: "XXX Issuer: “Certum Digital Identification CA SHA2” Serial: “XXX”’ is not supported. Do you want to send the message unsigned?”
Anyone had luck with it? I’ve seen post here about no support from 2018, otherwise nothing.
I have the same issue, unfortunately. Here is an excerpt of the log, with personal information redacted
10:45:23.551|026| SecurityManager.IsSuitableForIntent CertificateUseIntent.Encryption Accepted
10:45:23.551|026| SecurityManager.IsCertificateValid MailClient.Security.ValidationError
10:45:23.551|026| SecurityManager.FindAllCertificatesByEmail: System store candidate CN=XXX
10:45:23.551|026| SecurityManager.FindAllCertificatesByEmail: System store yielded CN=XXX 10:45:23.551|026| SecurityManager.IsSuitableForIntent CertificateUseIntent.Encryption Accepted
10:45:23.551|026| SecurityManager.IsCertificateValid MailClient.Security.ValidationError
10:45:36.103|001| 22/05/2024 10:45:36 Entered DbContactRepository.Modify transaction
10:45:36.103|001| 22/05/2024 10:45:36 Committed DbContactRepository.Modify transaction, modified 1 items
10:45:36.107|026| SecurityManager.FindCertificateByThumbprint: Windows' Personal certificates store yielded CN=XXX
10:45:36.107|026| SecurityManager.IsSuitableForIntent CertificateUseIntent.Signing Accepted
10:45:36.107|026| Certificate.Validate(XXX)
10:45:36.107|026| Certificate.Validate(XXX) SMIME Chain validation
10:45:36.115|026| ValidationChain.Revalidate(XXX) added local parent CN=GEANT Personal ECC CA 4, O=GEANT Vereniging, C=NL
10:45:36.120|026| Certificate.ValidateSignature(cert: , parent:) failed: Org.BouncyCastle.Security.InvalidKeyException: Public key presented not for certificate signature
10:45:36.120|026| at Org.BouncyCastle.X509.X509Certificate.CheckSignature(IVerifierFactory verifier)
10:45:36.120|026| at Org.BouncyCastle.X509.X509Certificate.Verify(AsymmetricKeyParameter key)
10:45:36.120|026| at MailClient.Security.Certificate.ValidateSignature(X509Certificate2 cert, X509Certificate2 parent)
10:45:36.121|026| Certificate.Validate(XXX) returns:Certificate chain is valid.
10:45:36.121|026| SecurityManager.IsCertificateValid MailClient.Security.ValidationError
The certificate works fine with Outlook and Thunderbird. If necessary, I am happy to provide more information about the certificate.
Any update on this issue? It’s already 2025 and eM Client still can’t sign messages using ECC certificates.