Certificate Update Notification Mail

I am a Comodo SecureEmail user and so is another friend. We both seem to have the product installed correctly and it works well. We exchange signed and encrypted e-mail frequently. Every few days (not the same number of days between incidents) I receive an e-mail from my friend the body of which is quoted below. I have replaced his address and key portions of my e-mail address with xxx for privacy. Those addresses are correct in the actual e-mail. There is also a Comodo logo header and a footer explaining what SecureEmail is. The question is why do I get these e-mails as his certificate is clearly evident when I look at the certificate store AND we routinely, successfully exchange signed and encrypted e-mail? I suspect it may be triggered when I include him in e-mails sent to several correspondents most of whom do not have e-mail certificates let alone SecureEmail and so those e-mails are not encrypted and occasionally not signed as some recipients use web mail (Yahoo and Hotmail) exclusively and so find the unexplained smime.p7m attachment confusing.

My environment: Dual boot Windows 2K and Ubuntu Intrepid Ibis. Thunderbird version (20081105) in Windows and a similarly current version in Ubuntu. These clients are currently independent of each other and share no files for operation. Both are configured for EnigMail with keys having been generated. Both using my Comodo certificate for S/MIME which is my default. Thunderbird is set to handle three different e-mail accounts (family members i.e. wife) in each case and each account has its own certificate. The same certificates are used in Linux and W2K for the same e-mail addresses. W2K has SecureEmail running. It was installed AFTER the certificates were obtained and installed. Finally, I still have Outlook Express 2000 installed and occasionally open it when friends have questions about how something works or looks in OE. OE also shows my friend’s certificate in its certificate store. I do not use OE as my e-mail client and the suspect message arrives far more often than I open OE but I have successfully tested digital signatures and encryption from OE with my friend so I know the certificates are installed effectively in OE.


Dear gtmikey@xxx.xxx

This is an automated message sent by Comodo SecureEmail on behalf of xxx@xxx.xxx

xxx@xxx.xxx would like you to install their email certificate which is contained in this email. After installing the certificate, you will be able to encrypt any messages you send to frsmcc@mchsi.com

Your installation of Comodo SecureEmail may have already installed this certificate for you. If you are not sure, please see the 'Certificate Update Emails’ section of the application and check which of the following options are selected under 'Other People’s e-mail certificates’.

* Prompt - SecureEmail will generate a pop-up dialog asking you if you want to install the sender's certificate. Clicking 'Yes' will automatically import the certificate into the Window's certificate store.
* Automatic - SecureEmail installs the new certificate automatically. From this point on you can encrypt for that contact using that certificate
* Do not install - You will have to manually import the sender’s email certificate. For more details, please refer to your client documentation


Hi gtmikey,

We’ve looking into this issue now and will respond to you soon.

We are highly appreciating such detailed description of your problem! :slight_smile:

Regards, Eugene

Additional information. I noticed today that my wife’s certificate (also from Comodo and downloaded before CSE) wasn’t in the CSE certificate store. I added it. Ten minutes later I got the same notification in my mail box from CSE on the same (we only use one PC) computer on behalf of my wife. All three family e-mail accounts are configured in Thunderbird as I monitor them for the others. So it was much like notifying myself. All threer certificates are in the same store on CSE. It may be related to the limitation of CSE, as I understand it, to being able to work with only one personal certificate. In Thunderbird, I have the option of linking a certificate to an e-mail address. That is I can configure it to use the same certificate for all accounts or to use a manually specified certificate for each account or for Thunderbird to use the certificate which matches the e-mail address. I use the latter. Therefore I have the CSE function of encrypting and signing turned off and use the MUA interface instead as it is more flexible.

As I had not received such a notice until I added the certificate to the CSE store, this may be helpful. Obviously all certificates are also in the two MUA storesl and have been since before loading CSE.


Hi gtmikey,

We’ve found this issue and confirmed this as a bug and will fix it soon.

Thanks for cooperation!

Regards, Eugene