5.8.2. S/MIME signature

⁠5.8.2. S/MIME signature

These config options are specific to PhpMailer provider.

This sections describes the necessary settings to enable S/MIME signature for outgoing MantisBT e-mails.

$g_email_smime_enable: Enables S/MIME signature.
Defaults to OFF.
$g_email_smime_cert_file: Path to the S/MIME certificate.
The file must contain a PEM-encoded certificate.
$g_email_smime_key_file: Path to the S/MIME private key file.
The file must contain a PEM-encoded private key matching the S/MIME certificate.
$g_email_smime_key_password: Password for the S/MIME private key.
Leave blank if the private key is not protected by a passphrase.
$g_email_smime_extracerts_file: Optional path to S/MIME extra certificates.
The file must contain one (or more) PEM-encoded certificates, which will be included in the signature to help the recipient verify the certificate specified in $g_email_smime_cert_file ("CA Chain").

Note

MantisBT expects the S/MIME certificates and the private key files to be in PEM format. If you have a PKCS12 encrypted certificate (typically with a .pfx or .p12 extension), you may use the following openssl commands to extract and convert the individual elements:

Certificate

openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.crt

Extra certificates ("CA chain")

openssl pkcs12 -in cert.pfx -cacerts -nokeys -out ca-chain.crt

Private key (-passout specifies the private key's password)

openssl pkcs12 -in cert.pfx -nocerts -out cert.key -passout pass:

If the input file is protected, openssl will ask for the password; alternatively, you can specify it on the command-line with the -passin option, e.g. -passin pass:PASSWORD