Hi!
Just figured out how to give CakePHP / Passbolt an exact path to the self-signed CA it should use to verify encrypted SMTP connections. On the web I could only find suggestions that involved disabling TLS verification for self-signed certs, which is undesirable.
Inside your Passbolt app config file where SMTP settings are located (hostname, creds, ports), you have to use this option to specify the file path to the CA file (I used a PEM certificate format):
'EmailTransport' => [
'default' => [
...
'ssl_cafile' => '/usr/local/share/ca-certificates/CustomCA.crt',
...
],
Found that while reading the relevant source code of CakePHP, namely this file.
I used that successfully with SMTP over port 465 (smtps).
Maybe that will help someone!