diff --git a/config_defaults_inc.php b/config_defaults_inc.php
index a0bb50fd66..a41ead3cc9 100644
--- a/config_defaults_inc.php
+++ b/config_defaults_inc.php
@@ -757,14 +757,18 @@
 $g_email_dkim_identity = 'noreply@example.com';

 /**
- * Path to mail certification file
+ * Path to the S/MIME certificate.
+ *
+ * The file must contain a PEM-encoded certificate.
  *
  * @global string $g_email_smime_cert_file
  */
 $g_email_smime_cert_file = '';

 /**
- * Path to mail private key file
+ * Path to the S/MIME private key file.
+ *
+ * The file must contain a PEM-encoded private key matching the S/MIME certificate.
  *
  * @see $g_email_smime_cert_file
  *
@@ -773,14 +777,21 @@
 $g_email_smime_key_file = '';

 /**
- * mail private key pass
+ * Password for the S/MIME private key.
+ *
+ * Leave blank if the private key is not protected by a passphrase.
+ * @see $g_email_smime_key_file
  *
  * @global string $g_email_smime_key_password
  */
 $g_email_smime_key_password = '';

 /**
- * Path to mail extra certification file
+ * Optional path to S/MIME extra certificates.
+ *
+ * The file must contain one (or more) PEM-encoded certificates, which will be
+ * included in the signature to help the recipient verify the certificate
+ * specified in {@see $g_email_smime_cert_file} ("CA Chain").
  *
  * @global string $g_email_smime_extracerts_file
  */
diff --git a/docbook/Admin_Guide/en-US/config/email.xml b/docbook/Admin_Guide/en-US/config/email.xml
index 79e6a409c0..00aa674410 100644
--- a/docbook/Admin_Guide/en-US/config/email.xml
+++ b/docbook/Admin_Guide/en-US/config/email.xml
@@ -554,4 +554,95 @@ $g_notify_flags['new'] = array( + +
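Review bot: The new docblock for `$g_email_smime_key_file` in the first config_defaults_inc.php hunk says what the file must contain but not how it should be protected, which is the part an administrator enabling signing most needs. I would add a line such as ` * The file should be readable only by the web server account and kept outside the web root.` The same gap applies to `$g_email_smime_key_password` in the second hunk: the passphrase is stored in clear text in the configuration, so it presumably protects the key only as far as the configuration file itself is access-restricted, and the docblock could say so. The key_file docblock continues past the end of the first hunk.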
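Review bot: In the `$g_email_smime_key_password` docblock of the second config_defaults_inc.php hunk, the added `@see $g_email_smime_key_file` follows the description directly, with no empty ` *` line between them. The `$g_email_smime_key_file` docblock in the previous hunk separates its `@see` tag from the text with an empty ` *` line. For consistency, insert ` *` before ` * @see $g_email_smime_key_file`.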
+ S/MIME signature + + + + $g_email_smime_cert_file + + Path to the + S/MIME + certificate. + + The file must contain a + PEM-encoded + certificate. + + + + + $g_email_smime_key_file + + Path to the S/MIME private key file. + The file must contain a PEM-encoded private key + matching the S/MIME certificate. + + + + + $g_email_smime_key_password + + Password for the S/MIME private key. + Leave blank if the private key is not protected + by a passphrase. + + + + + $g_email_smime_extracerts_file + + Optional path to S/MIME extra certificates. + The file must contain one (or more) PEM-encoded + certificates, which will be included in the signature to + help the recipient verify the certificate specified in + $g_email_smime_cert_file + ("CA Chain"). + + + + + + + MantisBT expects the S/MIME certificates and the private key + files to be in + PEM + format. + If you have a PKCS12 + encrypted certificate (typically with a .pfx or .p12 extension), + you may use the following openssl commands + to extract and convert the individual elements: + + + + Certificate + +openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.crt + + + + Extra certificates ("CA chain") + +openssl pkcs12 -in cert.pfx -cacerts -nokeys -out ca-chain.crt + + + + Private key + (-passout specifies the private key's password) + + +openssl pkcs12 -in cert.pfx -nocerts -out cert.key -passout pass: + + + + If the input file is protected, openssl will ask for the password; + alternatively, you can specify it on the command-line with the + -passin option, e.g. + -passin pass:PASSWORD + + + +
+