S/MIME key algorithm not supported

Apparently there is a problem with SHA2 S/MIME certs:

“Public key algorithm of certificate ‘Subject: "XXX Issuer: “Certum Digital Identification CA SHA2” Serial: “XXX”’ is not supported. Do you want to send the message unsigned?”

Anyone had luck with it? I’ve seen post here about no support from 2018, otherwise nothing.

I have the same issue, unfortunately. Here is an excerpt of the log, with personal information redacted

10:45:23.551|026|   SecurityManager.IsSuitableForIntent CertificateUseIntent.Encryption Accepted
10:45:23.551|026|   SecurityManager.IsCertificateValid MailClient.Security.ValidationError
10:45:23.551|026|   SecurityManager.FindAllCertificatesByEmail: System store candidate CN=XXX
10:45:23.551|026|   SecurityManager.FindAllCertificatesByEmail: System store yielded CN=XXX 10:45:23.551|026|   SecurityManager.IsSuitableForIntent CertificateUseIntent.Encryption Accepted
10:45:23.551|026|   SecurityManager.IsCertificateValid MailClient.Security.ValidationError
10:45:36.103|001|   22/05/2024 10:45:36 Entered DbContactRepository.Modify transaction
10:45:36.103|001|   22/05/2024 10:45:36 Committed DbContactRepository.Modify transaction, modified 1 items
10:45:36.107|026|   SecurityManager.FindCertificateByThumbprint: Windows' Personal certificates store yielded CN=XXX
10:45:36.107|026|   SecurityManager.IsSuitableForIntent CertificateUseIntent.Signing Accepted
10:45:36.107|026|   Certificate.Validate(XXX)
10:45:36.107|026|   Certificate.Validate(XXX) SMIME Chain validation
10:45:36.115|026|   ValidationChain.Revalidate(XXX) added local parent CN=GEANT Personal ECC CA 4, O=GEANT Vereniging, C=NL
10:45:36.120|026|   Certificate.ValidateSignature(cert: , parent:) failed: Org.BouncyCastle.Security.InvalidKeyException: Public key presented not for certificate signature
10:45:36.120|026|      at Org.BouncyCastle.X509.X509Certificate.CheckSignature(IVerifierFactory verifier)
10:45:36.120|026|      at Org.BouncyCastle.X509.X509Certificate.Verify(AsymmetricKeyParameter key)
10:45:36.120|026|      at MailClient.Security.Certificate.ValidateSignature(X509Certificate2 cert, X509Certificate2 parent)
10:45:36.121|026|   Certificate.Validate(XXX) returns:Certificate chain is valid.
10:45:36.121|026|   SecurityManager.IsCertificateValid MailClient.Security.ValidationError

The certificate works fine with Outlook and Thunderbird. If necessary, I am happy to provide more information about the certificate.