As per this update there is a change which has been done in OL2013 which affects Outlook in general and not only Zarafa. The issue here is that customers with intermediate S/MIME certificates have to set a registry key, otherwise they will not be able to sign/encrypt and decrypt with these anymore. This change is not done by Zarafa, but instead by Microsoft(!) and cannot be changed by Zarafa.
The most important stuff from the attached link here:
Known issues with this security update
After this update is applied, you may experience issues with S/MIME certificate verification in Microsoft Outlook. This issue is caused because the update disables remote intermediate certificate fetching in Outlook.
If you experience these issues or if you are working in an enterprise installation that requires the retrieval of remote certificates referenced in an authority information access extension, a registry key can be set to enable remote intermediate certificate fetching in Microsoft Outlook.
Warning Setting the registry key to enable remote intermediate certificate fetching will remove the protections provided by this update.
Important Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.
To enable remote intermediate certificate fetching in Outlook after this update is applied, set the following registry key value:
DWORD name: EnableAIACertExtension
Value data: 1
Note To disable the evaluation, set the Value data to 0 (0 is the default).