Signed email

I’m trying to set up RT 4.4.1 to send S/MIME signed email. After some
fussing around and figuring out that openssl couldn’t handle the full
chain of certificates in the pem file it generated itself, I got RT to
send signed messages, however Thunderbird complains that they got
modified after signing and shows an alert on them. Has anyone else got
this working?


A couple of other questions:

  1. I built a pem CA repository using:
    http://anduin.linuxfromscratch.org/BLFS/other/make-ca.sh-20161126
    http://anduin.linuxfromscratch.org/BLFS/other/certdata.txt

    then pointed CAPath at the resulting directory, but it doesn’t trust
    my incoming signed mail. Also, using the mail gateway, rt-mailgate
    complained about the https connection being untrusted and I had to use
    -no-verify-ssl. What do I need to do to build a trust directory?

  2. I have the queues set to sign by default, but the only messages I
    see getting signed are the replies to the tickets. For example, the
    autoreply on ticket creation is unsigned. How do I make all messages
    originated by RT signed?

Thanks.
