SMIME Crypt trust is none to all mails


I’m playing around with RT 4.4.3 Crypt and SMIME functions.

Unfortunately, I’m not able to configure RT to verify signed emails as “trusted”:
The signature is good, signed by , trust is none.

The development machine does not possess SMIME certificates but recognizes the signatures as “good” although all test emails are successfully signed by /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem.

Further, I copied the whole CA chain into a PEM file and tried to pin it directly; still, I got only “trust is none”. Did I forget something?

I would assume RT/openssl would be able to “find” the valid CA certificate. I’m using Debian Buster.

This is the important config:
Set( %Crypt, 'Incoming' => ['SMIME'] );
Set( %SMIME,
    'Enable' => 1,
    'AcceptUntrustedCAs' => 1,
    'CAPath' => '/etc/ssl/certs/',
    'Keyring' => '/opt/rt4/var/smime',
);

/opt/rt4/var/smime is an empty directory.

perl 5.28.1-6
libapache2-mod-perl2 2.0.10-3
openssl 1.1.1d-0+deb10u3