mail troubleshooting - HP Access Control Smartcard Solution

Error: "E-mail Gateway rejected the job because of the addressing information. Job Failed"

Cause Solution

The E-mail address attribute under "Searching the LDAP Database" on the Kerberos settings page is incorrect. The E-mail address attribute is used to set the authenticated user’s from address.

The E-mail gateway is trying to make sure that the "from"

address is a valid from address.

Try changing the E-mail address attribute on the Kerberos page to reflect the correct LDAP attribute.

Error: "There are problems with the signature. Click the signature button for details."

Cause Solution

Using Microsoft Outlook, E-mail sent by the device have an invalid digital signature.

Viewing details on the signature shows:

"Error: The system cannot validate the certificate used to create this signature because the issuer's certificate is either unavailable or invalid."

The recipient of the E-mail message does not have the intermediate and/or root certificate necessary to validate the client’s E-mail certificate installed on their PC, and the device is not appending the intermediate and root certificates in the E-mail message because they have not been installed on the device.

Check the Kerberos page to see if the E-mail signing certificates are installed. Even if the device shows the certificates are installed, this does not mean the correct certificates are installed.

To ensure that the correct certificates are installed, you need to know which CA issued the user’s E-mail signing certificate.

To do this, while viewing details for the digital signature in Microsoft Outlook, click on the signer and then click the "View Details" button. Under "Certificate Information" look at "Issued By". This certificate should be installed on the recipient’s PC.

For more information on exporting the E-mail certificate chain to the device, follow the steps under "Configure Send to E-mail".

Error: "Digital Signature: Invalid. Your message was digitally signed by a certificate issued by a Certificate Authority."

Cause Solution

Using Microsoft Outlook, E-mail sent by the device have an invalid digital signature and a window with the following message is displayed when the user views details on the signature:

"Digital Signature: Invalid. Your message was digitally signed by a certificate issued by a Certificate Authority.

The signature is invalid because you have either distrusted or not yet chosen to trust the following Certificate Authority:

Issued By: <CA Issuer Name>

Valid From: <Validity Dates>

At the bottom of the window is a prompt to Trust the Certificate Authority.

The correct E-mail signing certificates have been installed on the device, however, the user has not yet chosen to trust the certificate chain which signed the user's E-mail certificate.

When the user decides to trust the signature, the CA certificate (s) are installed on their PC and future messages appear to have valid signatures.

The recipient of the message needs to decide whether or not to trust the CA that issued your digital certificate.

ENWW E-mail troubleshooting 45

A Licenses

This solution from HP uses and contains open source code and libraries from Heimdal Kerberos 5 and the OpenSSL project. Following are acknowledgements, copyrights, and license information associated to these open source solutions.

● Heimdal Kerberos 5

● OpenSSL

ENWW 47

Heimdal Kerberos 5

Heimdal is a free implementation of Kerberos 5. The goals are to:

• have an implementation that can be freely used by anyone

• be protocol compatible with existing implementations and, if not in conflict, with RFC 1510 (and any future updated RFC)

• be reasonably compatible with the M.I.T Kerberos V5 API

• have support for Kerberos V5 over GSS-API (RFC1964)

• include the most important and useful application programs (rsh, telnet, popper, etc.)

• include enough backwards compatibility with Kerberos V4

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

3. Neither the name of the Institute nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Eric Young wrote “libdes”. Heimdal used to use libdes, without it kth-krb would never have existed.

All functions in libdes have been re-implemented or used available public domain code. The core AES function where written by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto. The core DES SBOX transformation was written by Richard Outerbridge.

The University of California at Berkeley initially wrote telnet, and telnetd. The authentication and encryption code of telnet and telnetd was added by David Borman (then of Cray Research, Inc). The encryption code was removed when this was exported and then added back by Juha Eskelinen,

Some of the functions in libroken also come from Berkeley by way of NetBSD/FreeBSD.

editline was written by Simmule Turner and Rich Salz. Heimdal contains a modifed copy.

The getifaddrs implementation for Linux was written by Hideaki YOSHIFUJI for the Usagi project.

Bugfixes, documentation, encouragement, and code has been contributed by:

Derrick J Brashear

ENWW Heimdal Kerberos 5 49

[email protected] Brian A May

[email protected] Chaskiel M Grundman [email protected] Richard Nyberg

[email protected] Frank van der Linden [email protected] Cizzi Storm [email protected] Petr Holub

[email protected] Mario Strasser

[email protected] David Love

[email protected]

and we hope that those not mentioned here will forgive us.

All bugs were introduced by ourselves.

OpenSSL

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)"

4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact [email protected].

5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.

6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://

www.openssl.org/)"

THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;

This product includes cryptographic software written by Eric Young

([email protected]). This product includes software written by Tim Hudson ([email protected]).

/* crypto/mem.c */

This package is an SSL implementation written by Eric Young ([email protected]). The implementation was written so as to conform with Netscapes SSL.

This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson ([email protected]).

ENWW OpenSSL 51

If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.

3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young

([email protected])" The word 'cryptographic' can be left out if the rouines from the library being used are not cryptographic related :-).

4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson ([email protected])"

THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

The licence and distribution terms for any publically available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.]

B Warranty Service

Hewlett-Packard Limited Warranty Statement

HP Product Duration of Limited Warranty

HP Access Control Smartcard Solution for U. S. Government 1 Year

1. HP warrants to you, the original end-user customer, that HP hardware and accessories will be free from defects in materials and workmanship after the original date of purchase, for the period specified above. If HP receives notice of such defects during the warranty period, HP will, at its option, either repair or replace, products, that prove to be defective. Replacement products may be either new or equivalent in performance to new. If the original end-user customer transfers the HP hardware and accessories to another user, warranty service is available to that user only for the remainder of the original warranty period. This Limited Warranty applies only to authentic HP-branded hardware products sold by or leased from Hewlett-Packard Company, its worldwide subsidiaries, affiliates, authorized resellers, or authorized country/region distributors.

2. HP warrants to you that HP software will not fail to execute its programming instructions after the date of purchase, for a period specified above, due to defects in material and workmanship when properly installed and used. If HP receives notice of such defects during the warranty period, HP will replace software that does not execute its programming instructions due to such defects.

3. HP does not warrant that the operation of HP products will be uninterrupted or error free. If HP is unable, within a reasonable time, to repair or replace any product to a condition as warranted, you will be entitled to a refund of the purchase price upon prompt return of the product.

4. HP products may contain remanufactured parts equivalent to new in performance or may have been subject to incidental use.

5. Warranty does not apply to defects resulting from (a) improper or inadequate maintenance or calibration, (b) software, interfacing, parts or supplies not supplied by HP, (c) unauthorized modification or misuse, (d) operation outside of the published environmental specifications for the product, or (e) improper site preparation or maintenance.

6. TO THE EXTENT ALLOWED BY LOCAL LAW, THE ABOVE WARRANTIES ARE EXCLUSIVE AND NO OTHER WARRANTY OR CONDITION, WHETHER WRITTEN OR ORAL, IS EXPRESSED OR IMPLIED AND HP SPECIFICALLY DISCLAIMS ANY IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, SATISFACTORY QUALITY, AND FITNESS FOR A PARTICULAR PURPOSE.

Some countries/regions, states or provinces do not allow limitations on the duration of an implied warranty, so the above limitation or exclusion might not apply to you. This warranty gives you specific legal rights and you might also have other rights that vary from country/region to country/region, state to state, or province to province.

ENWW Hewlett-Packard Limited Warranty Statement 53

7. HP’s limited warranty is valid in any country/region or locality where HP has a support presence for this product and where HP has marketed this product. The level of warranty service you receive may vary according to local standards. HP will not alter form, fit or function of the product to make it operate in a country/region for which it was never intended to function for legal or regulatory reasons.

8. TO THE EXTENT ALLOWED BY LOCAL LAW, THE REMEDIES IN THIS WARRANTY STATEMENT ARE YOUR SOLE AND EXCLUSIVE REMEDIES. EXCEPT AS INDICATED ABOVE, IN NO EVENT WILL HP OR ITS SUPPLIERS BE LIABLE FOR LOSS OF DATA OR FOR DIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL (INCLUDING LOST PROFIT OR DATA), OR OTHER DAMAGE, WHETHER BASED IN CONTRACT, TORT, OR OTHERWISE. Some countries/regions, states or provinces do not allow the exclusion or limitation of incidental or consequential damages, so the above limitation or exclusion may not apply to you.

THE WARRANTY TERMS CONTAINED IN THIS STATEMENT, EXCEPT TO THE EXTENT

LAWFULLY PERMITTED, DO NOT EXCLUDE, RESTRICT OR MODIFY AND ARE IN ADDITION TO THE MANDATORY STATUTORY RIGHTS APPLICABLE TO THE SALE OF THIS PRODUCT TO YOU.

Customer self repair warranty service

HP products are designed with many Customer Self Repair (CSR) parts to minimize repair time and allow for greater flexibility in performing defective parts replacement. If during the diagnosis period, HP identifies that the repair can be accomplished by the use of a CSR part, HP will ship that part directly to you for replacement. There are two categories of CSR parts: 1) Parts for which customer self repair is mandatory. If you request HP to replace these parts, you will be charged for the travel and labor costs of this service. 2) Parts for which customer self repair is optional. These parts are also designed for Customer Self Repair. If, however, you require that HP replace them for you, this may be done at no additional charge under the type of warranty service designated for your product.

Based on availability and where geography permits, CSR parts will be shipped for next business day delivery. Same-day or four-hour delivery may be offered at an additional charge where geography permits. If assistance is required, you can call the HP Technical Support Center and a technician will help you over the phone. HP specifies in the materials shipped with a replacement CSR part whether a defective part must be returned to HP. In cases where it is required to return the defective part to HP, you must ship the defective part back to HP within a defined period of time, normally five (5) business days. The defective part must be returned with the associated documentation in the provided shipping material. Failure to return the defective part may result in HP billing you for the replacement. With a customer self repair, HP will pay all shipping and part return costs and determine the courier/carrier to be used.

www.hp.c om

In document HP Access Control Smartcard Solution (Page 51-62)