|
The SEPPmail Secure E-Mail Gateway includes a complete PKI and manages user keys and/or certificates centrally in the system. Email certificates can be imported from any CAs. For the major CAs, SEPPmail provides connectors, however: |
Active Connectors |
Description |
|---|---|
D-Trust |
Bundesdruckerei (Federal Printing Office, Germany) |
German Research Network (Deutsches Forschungsnetz) |
CA of the German Research Network |
DigiCert |
Accredited American CA based in Lehi / Utah |
DigiCert CertCentral |
Accredited American CA based in Lehi / Utah |
GlobalSign |
Accredited CA based in the UK |
GlobalTrust |
Accredited CA based in Austria |
QuoVadis Trustlink |
Internationally accredited Swiss CA |
SCEP |
Protocol through which CAs of various manufacturers – including Microsoft – can be connected. However, this is not (yet) a standard (RFC). |
SECTIGO |
Accredited American CA, based in Roseland/New Jersey |
SwissSign |
CA of the Swiss mail service |
Connectors in preparation |
Description |
|---|---|
A-Trust |
Accredited certification service providers for qualified certificates in Austria and Liechtenstein |
Entrust |
Accredited American CA, based in Dallas / Texas |
Via these connectors, emails and, if necessary, personal certificates can be obtained automatically from the corresponding CA. The procedure applied in each individual case may vary. In the appliance, the certificates thus obtained are automatically assigned to the users and used for the signature.
The receipt of certificates for the email accounts is therefore flexible and individually configurable.
When a new user is created – this can optionally be done automatically, for example by requesting encryption or signature, or manually – it can be selected whether an email certificate is to be issued automatically. This can then be obtained from the internal (sub) CA or via the MPKI interface. If necessary, both variants are possible in parallel.
If the certificate is obtained via the MPKI, the key pair is generally generated on the SEPPmail Secure E-Mail Gateway and only the public key for signing is transferred to the trusted CA. In this method, the sensitive private key never leaves the appliance and is located there – like the entire key material – in a secure area.
Also the fully automated renewal of the certificates is possible. Here, generally, an overlapping period is set up so that a new one is generated even before a certificate expires. This overlap guarantees that the communication partners have a new, valid certificate for encryption at the latest upon expiration of the old certificate.
For the MPKI function process, in our YouTube channel an explanatory video can be found.
