Managing S/MIME Certificates

In NoSpamProxy it is possible to request and revoke certificates via a managed PKI of an external certificate provider. In addition, certificates can be promoted to a domain certificate – also called gateway certificate – for your own domains or for partner domains. With a domain certificate, all emails are encrypted/decrypted or signed, depending on the certificate and direction, if there is no separate certificate for the recipient/sender.

Requirements:

• The Encryption module is licensed.
• Certificate provider is set up (for requesting and revoking).
• Certificate can be used by the entire company (upgrade for certificate).

Request certificates (manually via user)

1. Go to People and identities > Domains and users > Corporate users.
2. Highlight the contact.
3. Click Request cryptographic keys for selected users and follow the instructions in the dialog.

Request certificates (automatically via a user group)

1. Go to People and identities > Domains and users > Corporate users.
2. Click Automatic user import.
3. Highlight the relevant Active Directory import and click Modify.
   
4. On the Groups tab, highlight the Active Directory group and klick Add.
5. In the dialog Automatic key request, select the relevant provider and confirm.

Each time an Active Directory import (scheduled or manual) is performed, the system checks whether a new certificate is required for a user in the group.

Revoking certificates

1. Go to People and identities > domains and users > Corporate users.
2. Highlight the contact and click Modify.
3. On the Email addresses tab, select the email address with the certificate and click Modify.
4. On the Certificates tab, select the certificate to be revoked.
5. Click Revoke.
6. Follow the indstructions from the dialog.

The following two descriptions lead to one certificate being used for an entire company.

Please note: The other end must always support this and allow the certificate to be used for it. If you have any questions about the certificate, please contact the issuing authority.

Promoting certificates for a partner domain 

1. Go to People and identities > Partners.
2. Select the partner domain and click Modify.
3. On the User entries tab, select the user with the domain certificate and click Modify.
4. On the Certificates tab, select the certificate to be promoted and click Promote to domain certificates.
5. Follow the instructions from the dialog.

Please note: The certificate is no longer available in the user entry, but on the Domain entry tab under End-to-end encryption > Modify on the Certificates tab.

Promoting certificates for owned domains

1. Go to People and identities > Domains and users > Corporate users.
2. Highlight the contact and click Modify.
3. On the Email Addresses tab, select the email address with the certificate and click Modify.
4. On the Certificates tab, select the certificate to be promoted.
5. Click Promote to domain certificates.
6. Follow the instructions from the dialog.

Please note: The certificate is no longer available in the contact, but under Owned domains in the relevant domain on the Certificates tab.