Product SiteDocumentation Site

5.8.2. S/MIME signature

This sections describes the necessary settings to enable S/MIME signature for outgoing MantisBT e-mails.
Enables S/MIME signature.
Defaults to OFF.
Path to the S/MIME certificate.
The file must contain a PEM-encoded certificate.
Path to the S/MIME private key file.
The file must contain a PEM-encoded private key matching the S/MIME certificate.
Password for the S/MIME private key.
Leave blank if the private key is not protected by a passphrase.
Optional path to S/MIME extra certificates.
The file must contain one (or more) PEM-encoded certificates, which will be included in the signature to help the recipient verify the certificate specified in $g_email_smime_cert_file ("CA Chain").


MantisBT expects the S/MIME certificates and the private key files to be in PEM format. If you have a PKCS12 encrypted certificate (typically with a .pfx or .p12 extension), you may use the following openssl commands to extract and convert the individual elements:
  • Certificate
    openssl pkcs12 -in cert.pfx -clcerts -nokeys -out cert.crt
  • Extra certificates ("CA chain")
    openssl pkcs12 -in cert.pfx -cacerts -nokeys -out ca-chain.crt
  • Private key (-passout specifies the private key's password)
    openssl pkcs12 -in cert.pfx -nocerts -out cert.key -passout pass:
If the input file is protected, openssl will ask for the password; alternatively, you can specify it on the command-line with the -passin option, e.g. -passin pass:PASSWORD