blank

Important information on integrating SwissSign as a certificate provider

The following document was created in collaboration with SwissSign. It contains all relevant information on the integration of a Managed PKI from SwissSign into NoSpamProxy.

FAQNetAtWork.pdf

This document will be updated if necessary.

Last updated 03.09.2015.

SwissSign Silver ID products supported by NoSpamProxy

NoSpamProxy currently supports two out of three Silver ID products offered:

  • Silver certificates without state, organisation and country field
    • Name in the order process: Email ID Silver, email address validated (web interface or partner application)
  • Silver certificates without state field
    • Name in the order process: Email ID Silver, email address validated, organization, country (partner application only)

Products not supported

The following Silver ID product is not supported:

  • Silver certificates with state field
    • Name in the order process: Email ID Silver, email address validated, organization, canton/state, country (partner application only)

Please take note of this information when ordering and make sure to only order the supported products!

If you have ordered the wrong product, you will find the form with which you can request the change from SwissSign under the following link:
https://www.swisssign.com/dam/jcr:85abf68a-1990-47f7-9530-9b1cce0397a7/MPKI_ChangeOrder_DE.pdf

blank

Configuration of a web proxy for NoSpamProxy Version 9.2 and higher

This article describes how to configure a proxy server for NoSpamProxy version 9.x and higher. The Cyren filter and antivirus also works via port 80, but this is configured separately:

How to configure Cyren services

Queries via Windows components

In order to be able to use the proxy for queries that are made directly via Windows components, such as a possible CRL check, you must store the proxy in the system. To do this, execute the following command as an administrator. This command adopts the proxy settings from Internet Explorer for the system components:

netsh winhttp import proxy source=ie

This is necessary on the server with the Intranet and Gateway Role of NoSpamProxy.

Gateway Role

To enter the proxy, the file NetatworkMailGatewayGatewayRole.exe.config from the directory “..\Net at Work Mail Gateway\Gateway Role” must be edited. The following lines must be added.

Copy and Paste does not work because invisible control characters are also copied.

<system.net>
<defaultProxy>
<proxy
usesystemdefault="true"
proxyaddress="http://192.168.1.10:3128"
bypassonlocal="true"
/>
</defaultProxy>
</system.net>

Adjust the IP address of your proxy server accordingly. The file should look similar to the following. However, please edit a copy of the original file!
Copy and Paste does not work because invisible control characters are also copied.

<?XML version="1.0" encoding="utf-8"?>
<configuration>
<runtime>
<gcServer enabled="true" />
<generatePublisherEvidence enabled="false"/>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Microsoft.Practices.Unity" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-2.1.505.0" newVersion="2.1.505.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="EntityFramework" publicKeyToken="b77a5c561934e089" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-4.3.1.0" newVersion="4.3.1.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Practices.ServiceLocation" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-1.0.0.0" newVersion="1.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-7.0.0.0" newVersion="7.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-3.0.1.0" newVersion="3.0.1.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Data.Edm" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.6.4.0" newVersion="5.6.4.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Data.OData" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.6.4.0" newVersion="5.6.4.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Spatial" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.6.2.0" newVersion="5.6.2.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Microsoft.Data.Services.Client" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-5.6.4.0" newVersion="5.6.4.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
<system.net>
<defaultProxy>
<proxy
usesystemdefault="true"
proxyaddress="http://192.168.1.10:3128"
bypassonlocal="true"
/>
</defaultProxy>
</system.net>​​
</configuration>

If you want to define exceptions, add the following section directly above the line </defaultProxy>

<bypasslist>
<add address="[a-z]+\.contoso\.com$" />
<add address="192\.168\.\d{1,3}\.\d{1,3}" />
<add address="intranet.nospamproxy.de" />
</bypasslist>​

If it is absolutely necessary to say that NO web proxy is to be used, the following must be entered:

<system.net>
<defaultProxy enabled="false" />
</system.net>

After you have modified the file, restart the Gateway Role.

Please note that the file may be overwritten with each patch/upgrade and the changes must be made again.

Intranet Role

If you want to assign a proxy to the Intranet role, this can be done in the same way as described above using the NetatworkMailGatewayIntranetRole.exe.config from the directory “..\Net at Work Mail Gateway\Intranet Role”. Please note that the Intranet Role requires direct communication with the Gateway Role. You should therefore define proxy exceptions for the Gateway Role(s).

Outlook Add-in

If a Web Proxy with authentication is used on the client PC, it is possible that the NoSpamProxy Outlook add-in cannot upload files to the Web Portal from the client PC because the information from the system variables do not apply here. To make this information available to the add-in, however, you must perform the following steps:

    1. In the Microsoft Outlook installation directory, create a new file named “Outlook.exe.config” next to the “Outlook.exe” file.
    2. Enter the following information into this file and save it:
      <configuration>
      <system.net>
      <defaultProxy useDefaultCredentials="true" />
      </system.net>
      </configuration>
    3. Restart Outlook.

Find more information on the Microsoft Website.

blank

You can use a custom SSL certificate to secure the management website of the disclaimer tool. To do this, the desired certificate with the private key must be stored in the certificate store of the computer account on the Intranet role under “Personal certificates”. In the training video for integrating your own TLS certificate, this is explained for the Gateway Role, among other things. However, the manual rights adjustment for the Intranet role is not necessary, this is accomplished by the Powershell shown below.

If the certificate is located in the certificate store on the Intranet Role, run Powershell with admin rights as local administrator. Then execute the following command:

Set-NspWebApiConfiguration -ShowCertificateSelectorUI

A window opens in which the available certificates are displayed. Select the desired certificate and confirm your selection. Now restart the Intranet Role. Your certificate is now active on the Disclaimer website.