Updated FAQ

2020-05-24 13:39:18 +02:00 · 2020-05-24 13:39:18 +02:00 · f39149c502
parent 74226b77ac
commit f39149c502
1 changed files with 17 additions and 0 deletions
--- a/FAQ.md
+++ b/FAQ.md
@ -693,6 +693,23 @@ Common errors:
 * *No certificate found matching targetContraints*: this likely means you are using an old version of FairEmail
 * *unable to find valid certification path to requested target*: basically this means one or more intermediate or root certificates were not found

+In case the certificate chain is incorrect, you can tap on the little info button to show the all certificates.
+After the certificate details the issuer or "selfSign" is shown.
+A certificate is self signed when the subject and the issuer are the same.
+Certificates from a certificate authority (CA) are marked with "[keyCertSign](https://tools.ietf.org/html/rfc5280#section-4.2.1.3)".
+Certificates found in the Android key store are marked with "Android".
+
+A valid chain looks like this:
+
+```
+Your certificate > zero or more intermediate certificates > CA (root) certificate marked with "Android"
+```
+
+Note that a certificate chain will always be invalid when no anchor certificate can be found in the Android key store,
+which is fundamental to S/MIME certificate validation.
+
+Please see [here](https://support.google.com/pixelphone/answer/2844832?hl=en) how you can import certificates into the Android key store.
+
 The use of expired keys, inline encrypted/signed messages and hardware security tokens is not supported.

 If you are looking for a free (test) S/MIME certificate, see [here](http://kb.mozillazine.org/Getting_an_SMIME_certificate) for the options.