Extract the PKCS#7 object: $ openssl smime -verify -in file.msg -noverify -pk7out > file.pk7 Dump the certificates in that file openssl pkcs7 -print_certs -in file.pk7 > file.pem Open the file in your favorite text editor and seperate out each certificate individually in to it's own file and import: For each CA certificate that you want to trust: smime_keys add_root file.pem Note: You do not need to trust all intermediate CAs. You can simply trust the end-user certificate. For the subject certificate that you want to add: smime_keys add_cert file.pem