[rt-users] All Incoming SMIME Signed Messages Showing as No Trust

Zoey Schutt zoey at braincoral.io
Thu Jul 16 15:52:34 EDT 2015


Hello,

OS and RT4 Info:

Debian GNU/Linux 7 (wheezy)
Apache/2.2.22 (Debian)
PHP 5.5.26-1~dotdeb+7.4
Request Tracker 4.2.11

I am attempting to configure S/MIME support in my RT4 instance, and I have
every piece working other than the verification of signatures on incoming
email. Signing outbound emails is working perfectly, and signatures are
processed on incoming mail as well. However, all signatures are being shown
as untrusted, with a message such as this: "SMIME: The signature is good,
signed by "Zoey Schutt" , trust is none".

Similarly, the keys and certificates I have loaded to sign outgoing messages
are showing as issued by blank, such as this one:

SMIME key '"Zoey Schutt" <webmaster at braincoral.io> (issued by )'
Fingerprint: 76c140826f39d9d66ae4dc40328c0f23c177d0ca
Created:     Mon Jul 06 2015
Expire:      Thu Jul 06 2017
User:        "Zoey Schutt" <webmaster at braincoral.io>

All of the keys I have been using to test this are valid and certified by
StartCom Class 2. My configuration is as such:

Set(@MailPlugins, 'Auth::MailFrom', 'Auth::Crypt');

Set(%SMIME,
    Enable => 1,
    OpenSSL => 'openssl',
    Keyring => q{var/data/smime},
    CAPath => '/opt/rt4/var/data/smime-roots',
    AcceptUntrustedCAs => 1,
    Passphrase => {
        'webmaster at braincoral.io' => 'REMOVED',
        'support at braincoral.io' => 'REMOVED',
        '' => 'fallback',
    },
);

Set(%Crypt,
    Incoming                  => ['SMIME', 'GnuPG'],
    Outgoing                  => 'SMIME',

    RejectOnUnencrypted       => 0,
    RejectOnMissingPrivateKey => 1,
    RejectOnBadData           => 1,

    AllowEncryptDataInDB      => 0,

    Dashboards => {
        Encrypt => 0,
        Sign    => 0,
    },
);

I have attached a list of the contents of var/data/smime-roots to a text
file on this email. The contents are just a copy of the /etc/ssl/certs
directory of my server, with c_rehash run on it. I have tried the
configuration with a trailing slash and without on CAPath, and neither has
worked.

Any assistance would be greatly appreciated!

Regards,

Zoey Schutt
Braincoral Technology

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: SMIME-Roots.txt
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20150716/0b6e5d9f/attachment.txt>
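
One way to test a c_rehash-style directory such as the CAPath described above outside RT, as an added example that is not from the original post or from RT itself. It builds a constructed root, intermediate and signer certificate and shows that a hashed-directory lookup only verifies the signer once the intermediate CA is also present in the directory; all names, paths and certificates are assumptions made for the demonstration, and the post does not establish that this is the cause of its "trust is none" result.

```sh
#!/bin/sh
# Added diagnostic sketch: every certificate, name and path here is constructed.

# make_chain DIR: throwaway root -> intermediate -> signer certificate chain.
make_chain() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=unused\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/c.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/c.cnf" -extensions v3_ca \
        -subj '/CN=Constructed Root' -keyout "$d/root.key" -out "$d/root.pem" -days 2 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/c.cnf" \
        -subj '/CN=Constructed Intermediate' -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
        -extfile "$d/c.cnf" -extensions v3_ca -out "$d/int.pem" -days 2 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$d/c.cnf" \
        -subj '/CN=Constructed Sender' -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
        -out "$d/leaf.pem" -days 2 2>/dev/null
}

# hash_link DIR CERT: install CERT under the <subject_hash>.0 name that a
# -CApath lookup searches for (c_rehash creates the same names as symlinks).
hash_link() {
    h=$(openssl x509 -in "$2" -noout -subject_hash) && cp "$2" "$1/$h.0"
}

# issuer_present DIR CERT: is there a <issuer_hash>.N entry for CERT's issuer?
# The hash is computed by this openssl binary; a directory rehashed by a
# different OpenSSL generation can carry the older hash names and never match.
issuer_present() {
    h=$(openssl x509 -in "$2" -noout -issuer_hash) && ls "$1/$h".[0-9]* >/dev/null 2>&1
}

# chain_ok DIR CERT: does CERT verify for S/MIME signing against DIR?
# The printed verdict is matched because some older builds exit 0 on failure.
chain_ok() {
    openssl verify -purpose smimesign -CApath "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
    w=$(mktemp -d) && mkdir "$w/roots" && make_chain "$w" || return 2
    hash_link "$w/roots" "$w/root.pem"      # root only, intermediate missing
    issuer_present "$w/roots" "$w/leaf.pem" && i1=yes || i1=no
    chain_ok "$w/roots" "$w/leaf.pem" && c1=ok || c1=FAIL
    hash_link "$w/roots" "$w/int.pem"       # intermediate added
    chain_ok "$w/roots" "$w/leaf.pem" && c2=ok || c2=FAIL
    echo "root only: issuer entry=$i1 verify=$c1; with intermediate: verify=$c2"
    rm -rf "$w"
}
demo
```

Against a real directory, call `issuer_present` and `chain_ok` with the same `openssl` binary RT is configured to use; on OpenSSL 1.1.0 and later, adding `-no-CAfile` to the verify call keeps the system bundle from masking a gap in the directory.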

