Hello,
OS and RT4 Info:
Debian GNU/Linux 7 (wheezy)
Apache/2.2.22 (Debian)
PHP 5.5.26-1~dotdeb+7.4
Request Tracker 4.2.11
I am attempting to configure S/MIME support in my RT4 instance, and I have
every piece working other than the verification of signatures on incoming
email. Signing outbound emails is working perfectly, and signatures are
processed on incoming mail as well. However, all signatures are being shown
as untrusted, with a message such as this: "SMIME: The signature is good,
signed by "Zoey Schutt" , trust is none".
Similarly, the keys and certificates I have loaded to sign outgoing messages
are showing as issued by blank, such as this one:
SMIME key '"Zoey Schutt" (issued by )'
Fingerprint:
76c140826f39d9d66ae4dc40328c0f23c177d0ca
Created:
Mon Jul 06 2015
Expire:
Thu Jul 06 2017
User:
"Zoey Schutt"
All of the keys I have been using to test this are valid and certified by
StartCom Class 2. My configuration is as such:
Set(@MailPlugins, 'Auth::MailFrom', 'Auth::Crypt');
Set(%SMIME,
Enable => 1,
OpenSSL => 'openssl',
Keyring => q{var/data/smime},
CAPath => '/opt/rt4/var/data/smime-roots',
AcceptUntrustedCAs => 1,
Passphrase => {
'webmas...@braincoral.io' => 'REMOVED',
'supp...@braincoral.io' => 'REMOVED',
'' => 'fallback',
},
);
Set(%Crypt,
Incoming => ['SMIME', 'GnuPG'],
Outgoing => 'SMIME',
RejectOnUnencrypted => 0,
RejectOnMissingPrivateKey => 1,
RejectOnBadData => 1,
AllowEncryptDataInDB => 0,
Dashboards => {
Encrypt => 0,
Sign=> 0,
},
);
I have attached a list of the contents of var/data/smime-roots to a text
file on this email. The contents are just a copy of the /etc/ssl/certs
directory of my server, with c_rehash run on it. I have tried the
configuration with a trailing slash and without on CAPath, and neither have
worked.
Any assistance would be greatly appreciated!
Regards,
Zoey Schutt
Braincoral Technology
00673b5b.0 55a10908.0 9d6523ce.0
ccc52f49.0
GeoTrust_Global_CA.pem
024dc131.0 5620c4aa.0 9dbefe7b.0
cd58d51e.0
GeoTrust_Primary_Certification_Authority_-_G2.pem
02b73561.0 56657bde.0 9ec3a561.0
cdaebb72.0
GeoTrust_Primary_Certification_Authority_-_G3.pem
034868d6.0 56b8a0b6.0 9f533518.0
Certigna.pem
GeoTrust_Primary_Certification_Authority.pem
039c618a.0 56e29e75.0 9f541fb4.0
Certinomis_-_Autorité_Racine.pem
GeoTrust_Universal_CA_2.pem
052e396b.0 57692373.0 a0bc6fbb.0
Certplus_Class_2_Primary_CA.pem
GeoTrust_Universal_CA.pem
062cdee6.0 578d5c04.0 a15b3b6b.0
certSIGN_ROOT_CA.pem
Global_Chambersign_Root_-_2008.pem
080911ac.0 57bbd831.0 a2df7ad7.0
Certum_Root_CA.pem
GlobalSign_Root_CA.pem
0810ba98.0 57bcb2da.0 a3896b44.0
Certum_Trusted_Network_CA.pem
GlobalSign_Root_CA_-_R2.pem
08aef7bb.0 58a44af1.0 a5fd78f0.0
cf701eeb.0
GlobalSign_Root_CA_-_R3.pem
09789157.0 590d426f.0 a6a593ba.0
cfa1c2ee.0
Go_Daddy_Class_2_CA.pem
0b759015.0 592c0a9a.0 a7605362.0
Chambers_of_Commerce_Root_-_2008.pem
Go_Daddy_Root_Certificate_Authority_-_G2.pem
0ba01d19.0 594f1775.0 a760e1bd.0
China_Internet_Network_Information_Center_EV_Certificates_Root.pem
GTE_CyberTrust_Global_Root.pem
0c4c9b6c.0 5a3f0ff8.0 a7d2cf64.0
CNNIC_ROOT.pem
Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
0d188d89.0 5a5372fc.0 a8dee976.0
Comodo_AAA_Services_root.pem
Hongkong_Post_Root_CA_1.