Re: [rt-users] All Incoming SMIME Signed Messages Showing as No Trust

2015-07-24 Thread Zoey Schutt
Thank you for the reply! I'll send you the signed email from my other email
address, as I don't have my personal certificate on the computer I am
currently using. It's issued by the same CA as my other ones.

All of my SSL certificates are from StartSSL, Class 2 Verified. Then I just
ran the X.509 binary through openssl and converted them to PEM files. Those
are outgoing of course, my incoming emails that I have been using to test so
far are sent via Outlook 2013.

I will send you the CA's PEM file and a signed message from my other address
as well, off-list.

Extra Version Info:

OpenSSL 1.0.1e 11 Feb 2013
perl 5, version 14, subversion 2 (v5.14.2) built for
x86_64-linux-gnu-thread-multi

Regards,

Zoey Schutt

-Original Message-
From: rt-users [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf
Of Alex Vandiver
Sent: Friday, July 24, 2015 2:20 AM
To: rt-users@lists.bestpractical.com
Subject: Re: [rt-users] All Incoming SMIME Signed Messages Showing as No
Trust

On Thu, 16 Jul 2015 15:52:34 -0400 "Zoey Schutt" wrote:
> OS and RT4 Info:
> 
> Debian GNU/Linux 7 (wheezy)
> Apache/2.2.22 (Debian)
> PHP 5.5.26-1~dotdeb+7.4
> Request Tracker 4.2.11

As a note, RT is written in Perl, not PHP.  The other useful version to know
is the version of openssl, which you can find by running:

   openssl version

> I am attempting to configure S/MIME support in my RT4 instance, and I 
> have every piece working other than the verification of signatures on 
> incoming email.

What software is generating your certificates, and sending the incoming
mail?  I suspect your certificates are weird in a way that is throwing
openssl off.

Can you send me a simple S/MIME signed message and your CA's PEM file,
off-list, so I can inspect it?

 - Alex




Re: [rt-users] All Incoming SMIME Signed Messages Showing as No Trust

2015-07-23 Thread Alex Vandiver
On Thu, 16 Jul 2015 15:52:34 -0400 "Zoey Schutt" wrote:
> OS and RT4 Info:
> 
> Debian GNU/Linux 7 (wheezy)
> Apache/2.2.22 (Debian)
> PHP 5.5.26-1~dotdeb+7.4
> Request Tracker 4.2.11

As a note, RT is written in Perl, not PHP.  The other useful version to
know is the version of openssl, which you can find by running:

   openssl version

> I am attempting to configure S/MIME support in my RT4 instance, and I
> have every piece working other than the verification of signatures on
> incoming email.

What software is generating your certificates, and sending the incoming
mail?  I suspect your certificates are weird in a way that is throwing
openssl off.

Can you send me a simple S/MIME signed message and your CA's PEM file,
off-list, so I can inspect it?

 - Alex


[rt-users] All Incoming SMIME Signed Messages Showing as No Trust

2015-07-16 Thread Zoey Schutt
Hello,

OS and RT4 Info:

Debian GNU/Linux 7 (wheezy)
Apache/2.2.22 (Debian)
PHP 5.5.26-1~dotdeb+7.4
Request Tracker 4.2.11

I am attempting to configure S/MIME support in my RT4 instance, and I have
every piece working other than the verification of signatures on incoming
email. Signing outbound emails is working perfectly, and signatures are
processed on incoming mail as well. However, all signatures are being shown
as untrusted, with a message such as this: "SMIME: The signature is good,
signed by "Zoey Schutt" , trust is none".

Similarly, the keys and certificates I have loaded to sign outgoing messages
are showing as issued by blank, such as this one:

   SMIME key '"Zoey Schutt"  (issued by )'
   Fingerprint: 76c140826f39d9d66ae4dc40328c0f23c177d0ca
   Created:     Mon Jul 06 2015
   Expire:      Thu Jul 06 2017
   User:        "Zoey Schutt"

All of the keys I have been using to test this are valid and certified by
StartCom Class 2. My configuration is as such:

   Set(@MailPlugins, 'Auth::MailFrom', 'Auth::Crypt');

   Set(%SMIME,
       Enable => 1,
       OpenSSL => 'openssl',
       Keyring => q{var/data/smime},
       CAPath => '/opt/rt4/var/data/smime-roots',
       AcceptUntrustedCAs => 1,
       Passphrase => {
           'webmas...@braincoral.io' => 'REMOVED',
           'supp...@braincoral.io' => 'REMOVED',
           '' => 'fallback',
       },
   );

   Set(%Crypt,
       Incoming  => ['SMIME', 'GnuPG'],
       Outgoing  => 'SMIME',

       RejectOnUnencrypted   => 0,
       RejectOnMissingPrivateKey => 1,
       RejectOnBadData   => 1,

       AllowEncryptDataInDB  => 0,

       Dashboards => {
           Encrypt => 0,
           Sign    => 0,
       },
   );

I have attached a list of the contents of var/data/smime-roots to a text
file on this email. The contents are just a copy of the /etc/ssl/certs
directory of my server, with c_rehash run on it. I have tried the
configuration with a trailing slash and without on CAPath, and neither has
worked.

Any assistance would be greatly appreciated!

Regards,

Zoey Schutt
Braincoral Technology

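
An added example, not part of the thread and not RT's own code: the CApath lookup that the post's CAPath setting relies on, reproduced with the openssl CLI alone. It uses a constructed throwaway CA and signer (all names and paths are made up) and shows that a CA file is only found in a CApath directory under its `<subject-hash>.0` name, which is what c_rehash provides.

```shell
#!/bin/sh
# Added example with constructed data: a throwaway CA and signer, not the
# certificates from the thread. Requires the openssl CLI.
set -u

make_fixture() {   # $1 = scratch directory
    d=$1
    mkdir -p "$d/roots" "$d/plain"
    # Self-signed test root and a signer certificate issued by it.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=Constructed Signer" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -days 1 \
        -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
        -out "$d/leaf.pem" 2>/dev/null
    # Sign a one-line message as S/MIME.
    printf 'constructed test body\n' > "$d/msg.txt"
    openssl smime -sign -in "$d/msg.txt" -signer "$d/leaf.pem" \
        -inkey "$d/leaf.key" -out "$d/signed.eml" 2>/dev/null
    # plain/: the CA under a descriptive name only (no hash entry).
    cp "$d/ca.pem" "$d/plain/Constructed_Test_CA.pem"
    # roots/: the same CA under <subject-hash>.0, the name c_rehash links it under.
    h=$(openssl x509 -noout -hash -in "$d/ca.pem")
    cp "$d/ca.pem" "$d/roots/$h.0"
}

verify_with() {    # $1 = scratch directory, $2 = CApath directory to test
    if openssl smime -verify -in "$1/signed.eml" -CApath "$2" \
        -out /dev/null 2>/dev/null
    then echo trusted
    else echo untrusted
    fi
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_fixture "$work"
echo "hashed CApath:   $(verify_with "$work" "$work/roots")"
echo "unhashed CApath: $(verify_with "$work" "$work/plain")"
```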