Hey,
I’m playing around with RT 4.4.3 Crypt and SMIME functions.
Unfortunately, I’m not able to configure RT to verify signed emails as “trusted”:
The signature is good, signed by , trust is none
.
The development machine does not possess SMIME certificates but recognizes the signatures as “good” although all test emails are successfully signed by /etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem
.
Further, I copied the whole CA chain into a PEM file and tried to pin it directly; still, I got only “trust is none”. Do I forget something?
I would assume RT/openssl would be able to “find” the valid CA certificate. I’m using Debian Buster.
That the important config:
Set(%Crypt, ‘Incoming’ => [‘SMIME’] );
Set(%SMIME,
‘Enable’ => 1,
‘AcceptUntrustedCAs’ => 1,
‘CAPath’ => ‘/etc/ssl/certs/’,
‘Keyring’ => ‘/opt/rt4/var/smime’
);
/opt/rt4/var/smime
is an empty directory.
perl 5.28.1-6
libapache2-mod-perl2 2.0.10-3
openssl 1.1.1d-0+deb10u3