Email Certificate fails validation

I downloaded a personal signing certificate, but when I use it, recipients must trust it. It seems that one of the intermediate certs is failing. I wanted to use the Comodo certificate to avoid just this. I have an Astaro system that could be used to generate signing certificates, but so many recipients do not know what to do with “untrusted” certs that I assumed it would be easier with Comodo!

Specifically, recipients tell me that:

UTN-USERFirest-Client Authentication and Email cannot be validated and/or contains an untrusted issuer.
COMODO Client Authentication and Secure Email CA cannot be validated and/or contains an untrusted issuer.

From what the recipients who I’ve tested this with tell me, all Windows/Mac, etc. updates have been applied, and so this certificate’s signing authority should be trusted, should it not?



I am experiencing the same issue. My first thought was that the CA identified in my email certs didn’t match the name of the CA in the root cert. But after reading this post and checking the certificate store on a Windows 7 box with the latest certificates from Microsoft and Department of Defense installed yesterday I found that the intermediate CA identified in my personal email cert as “COMODO Client Authentication and Secure Email CA” was not provided by either Microsoft or the Department of Defense.

I really appreciate Comodo providing free email certificates but am a bit disappointed that the intermediate CAs are not being distributed. Most of my recipients, who actually use a client for email, are performing email tasks at work. These colleagues and friends are not knowledgeable enough to understand about marking a certificate as “trusted” within OutlookTM.

Note that I have been able to encrypt email to at least one of the recipients who has been able to open it, and reply back to me. However, the validation error popped up anyway. It read “digital signature verification failed”.

I hope someone knowledgeable will provide clarification and/or verification of the following.

After a bit more research, it appears that the distribution of Root CAs as well as Intermediate Root CAs has been automated. Apparently, any intermediate CAs certificates showing up in the CA store are legacy certs . It is possible that some corporate and government enterprise systems are blocking the automatic validation of intermediate CAs.

I have the same trouble, “COMODO Client Authentication and Secure Email CA” is not present in my keystore under firefox.

Is there a way to download it ?