Receiver sees unverified signature or expired revocation list (CRL)

[jamacoe]

When I open a signed email in my recipient's Apple Mail client, it boldly says "Unable to verify message signature". For the recipient, this is much worse than seeing no message at all when receiving an unsigned email. The reason for this message seems to be that the recipient needs to import and trust the 'CASTLE Root RR1 CA' certificate. But an abitrary recipient won't have the trusted CASTLE certificate in their store.

On my Outlook client on a Windows PC I have imported this root certificate along with the intermediate IRE1 certificate and trusted both.
On the surface, Outlook shows the received email as correct ("The digital signature on this message is valid and trusted"). But when I select "Details", a warning appears: "The Certificate Revocation List needed to verify the signing certificate is either unavailable or has expired. So I went to the URL stored in the certificate and downloaded and installed the CRLs CASTLE_IRE1.crl and CASTLE_Root_RR1.crl. When I check the Windows certificate store, I see that the root certificate's CRL has expired on 08/09/2021. The Outlook warning won't go away.

Thus when I send a signed email to someone, I want them to have more confidence. If they see errors and warnings, they will have less trust. So unfortunately I can't use this. Or am I missing something?

[sm13294]

I had a similar experience too.
It seems that the generated certificates are not trusted.