Signed email

I’m trying to setup rt 4.4.1 to send s/mime signed email. After some
fussing around and figuring out that openssl couldn’t handle the full
chain of certificates in the pem file it generated itself, I got RT to
send signed messages, however Thunderbird complains that they got
modified after signing and shows an alert on them. Has anyone else got
this working?

smime.p7s (5.38 KB)

A couple of other questions:

  1. I built a pem CA repository using:

    then pointed CAPath at the resulting directory, but it doesn’t trust
    my incoming signed mail. Also, using the mail gateway, rt-mailgate
    complained about the https connection being untrusted and I had to use
    -no-verify-ssl. What do I need to do to build a trust directory?

  2. I have the queues set to sign by default, but the only messages I
    see getting signed are the replies to the tickets. for example, the
    autoreply on ticket creation is unsigned. How do I make all messages
    originated by rt signed?


smime.p7s (5.38 KB)