Why is my vereigned email not validating?


Vereign is using the S/MIME standard for email signing with a Vereign root certificate that is currently not signed by a third party Certificate Authority (CA). Most mail clients will not verify the signature if the root certificate is unknown. Some email servers may even classify an email as spam if there is no signature from a “trusted” root certificate.

Unfortunately, community based CAs, most importantly letsencrypt.org, are not offering certificates for email. If you have suggestions for community based CAs, please let us know.

Meanwhile, we are in the process of discussing this matter with established CAs to find the right one to work with for going fully live. We’ll sort this out as soon as possible in the trial/feedback/beta phase, and it will be resolved before we go in production.

In the meantime, we have put together some how-tos to verify signatures for Apple, Outlook and Mozilla Thunderbird:

If you are technically savvy, you can download our certificate at https://app.vereign.com/cert/vereign_ca.cer.

Its fingerprint should read:

openssl x509 -noout -fingerprint -sha256 -inform pem -in vereign_ca.cer 

SHA256 Fingerprint=FD:0D:52:E0:E5:9B:52:FE:90:FE:22:E0:44:6D:3D:BF:31:B6:75:BF:76:59:DF:79:E7:AC:E5:4A:82:26:51:EA