Digital Signature and Encryption of email communication

Hello,

I’m new to RT. I have some Linux experience but mostly surface-level. I have just installed an instance on a Debian server and I have configured it to use one of our email addresses using this tutorial: RT 4.2 Installation with incoming and outgoing email support on Ubuntu 12.04 - Request Tracker Wiki

I have had a bit of trouble wrapping my head around postfix but RT can now send and receive emails. My next step is that all communications must be encrypted and digitally signed. I have a certificate in a .p12 file delivered by an official authority for my email address. My question is, how do I implement that? It might be more linked to postfix/fetchmail than RT, but I’m not entirely sure.

Thank you!

SMIME docs can be found here:

AI came up with these steps that look pretty close to me!

1. Extract your certificate and key from the .p12 file:

```
# Extract the certificate
openssl pkcs12 -in your_cert.p12 -clcerts -nokeys -out cert.pem

# Extract the private key
openssl pkcs12 -in your_cert.p12 -nocerts -nodes -out key.pem
```

2. Configure RT’s S/MIME settings in RT_SiteConfig.pm:

```
Set(%SMIME,
    Enable => 1,
    OpenSSL => '/usr/bin/openssl',
    Keyring => '/opt/rt6/var/data/smime/keyring',
    CAPath => '/opt/rt6/var/data/smime/ca',
);

Set(%GnuPG,
    Enable => 0,  # Disable if using S/MIME
);
```

3. Import your certificate into RT:

```
# Create the keyring directory if it doesn't exist
mkdir -p /opt/rt6/var/data/smime/keyring

# Import your certificate
cat cert.pem key.pem > /opt/rt6/var/data/smime/keyring/your-email@domain.com
```

4. Set proper permissions:

```
# Same tree as the Keyring path configured in step 2
chown -R www-data:www-data /opt/rt6/var/data/smime
chmod 0700 /opt/rt6/var/data/smime/keyring
chmod 0600 /opt/rt6/var/data/smime/keyring/*
```

Then you should be able to see key options in the queue or user config pages!
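An added example, not part of the replies above and not RT's own tooling: a shell check for a keyring file built as in the steps above, confirming it is private to its owner, that the certificate and key belong together, that the file name is an address in the certificate, and that the certificate has not expired. The function name `check_smime_keyring_entry` and its exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: sanity-check one entry in the S/MIME keyring directory.
# Assumes the layout from the steps above: one PEM file per address, named
# after the address, holding the certificate and an unencrypted private key.
# check_smime_keyring_entry is a hypothetical helper, not an RT command.

check_smime_keyring_entry() {
    f=$1
    addr=$(basename "$f")

    # 1. Group/other permission bits must all be clear (0600 or stricter).
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $f is accessible beyond its owner" >&2
        return 1
    fi

    # 2. The certificate's public key must match the private key in the file.
    cert_pub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$f" -passin pass: -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: certificate and private key in $f do not match" >&2
        return 2
    fi

    # 3. The file name must be an address the certificate was issued for.
    if ! openssl x509 -in "$f" -noout -email 2>/dev/null | grep -qixF "$addr"; then
        echo "FAIL: certificate in $f does not list $addr" >&2
        return 3
    fi

    # 4. The certificate must still be within its validity period.
    if ! openssl x509 -in "$f" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: certificate in $f has expired" >&2
        return 4
    fi

    echo "OK: $f"
    return 0
}

# Stand-alone use: pass the keyring file as the first argument.
if [ "$#" -gt 0 ]; then
    check_smime_keyring_entry "$1"
fi
```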