In PBAS you can setup email S/MIME signing for all automatically created emails. For that purpose you need to have valid certificate for S/MIME signing.
If you already have required certificate you need to proceed following steps:
1. First of all you need to convert your certificate to PEM format (if needed) and create a private key for certificate. There are variety of tools and methods for achieving this, you can use any of them.
Here is an example for .p12 (PKCS#12 files, sometimes referred to as PFX files):
Import all certificates to PEM format from cert.p12 file and create a private key for them:
# openssl pkcs12 -in cert.p12 -nodes -out server.crt
Please use password provided to you by issuer, if you would be asked.
Now, from the beginning of the server.crt file private key is located, it looks like:
Bag Attributes friendlyName: ... localKeyID: ... Key Attributes: ... -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY-----
you need to move this key part to another file (for example server.key)
Please make sure that server.crt contains only the appropriate certificate. There can be more than one certificate in server.crt. Please make a copy of server.crt and remove all certificates but the one whose localKeyID corresponds to the localKeyID of the private key you moved to server.key.
Now you have your certificates located in server.crt file, key is in server.key file.
2. Please, check if your certificate is valid for S/MIME signing:
# openssl verify -verbose -purpose smimesign -CAfile cert.ca cert.cl
cert.ca -- file with CA certificates;
cert.cl -- file with client certificate.
If you have another (not OK) result, please check manual for error codes' explanations.
3. Install your certificate: under "Top > Configuration Director > Miscellaneous Settings > E-Mail Setup" click on the "Edit" button, check "Sign all e-mail messages" and specify certificate server.crt and private key server.key filenames.