Signing git commits with S/MIME certificates

I am trying to sign git commits with a X.509 certificate I got from DFN (Deutsches Forschungs Netz). I can sign emails/odt/docx/pdf just fine and can also sign git commits with my personal GPG key.

I have imported my key into gpgsm and it appears under

$ gpgsm --list-secret-keys

I have setup git with

[user]
       signingkey = ...
[commit]
        gpgsign = true
[gpg]
        format = x509

Git commit fails with

$ git commit -S -m "test"
error: gpg failed to sign the data
fatal: failed to write commit object

$ GIT_TRACE=1 git commit -S -m "test"
10:29:29.906544 git.c:459               trace: built-in: git commit -S -m test
10:29:29.907024 run-command.c:654       trace: run_command: gpgsm --status-fd=2 -bsau 0xXXXXXXXX
error: gpg failed to sign the data
fatal: failed to write commit object

digging a bit deeper I get the following:

$ gpgsm --status-fd=2 -bsau 0xXXXXXXXXXXX
gpgsm: Note: non-critical certificate policy not allowed
[GNUPG:] PROGRESS tick ? 0 0

....

gpgsm: no CRL found for certificate
gpgsm: Note: non-critical certificate policy not allowed

gpgsm cannot find the revocation list. Is this expected or a configuration error?

UPDATE: Not sure if this is important information, but when importing the certificate into gpgsm, I ran into [1] and solved it by re-exporting the certificate from Thunderbird.

[1] https://superuser.com/questions/1725832/gpgsm-cannot-import-private-key