My new bank send me signed emails, but theirs CA is not present in debian openssl installation. Looking around into their website I’ve found the CA certificate called TrustItaliaC1.cer. Downloaded it then

openssl x509 -in TrustItaliaC1.cer -text

It should dump the certificate contents. Unfortunately I didn’t find a way to install the certificate as user into my home directory without playing as root which is almost always a bad thing to do, so, to keep the root’s modification at minimum, I create a ~/.ssl/certs

mkdir ~/.ssl/certs

move and rename the CA into the new dir as

mv TrustItaliaC1.cer ~/.ssl/certs/mybank.pem

then as root

sudo -i
cd /etc/ssl/certs
ln -s /home/enrico/.ssl/certs/mybank.pem
c_rehash

Now in mutt I can see as verified the emails from the bank. Good.