Please enable JavaScript to view this site.

Simple Certificate Enrolment Protocol (SCEP)-specific sections in MPKI

 

Sections on this page:

Parameters

Certificate

Settings

 

 

anchor link Parameters

 

This section contains the connection data to the external CA.

 

Parameters

Description

anchor link Service URL

URL under which the connection to the certification authority is established. The default is the URL with the Network Device Enrolment (NDES) name of the SEPPmail Secure E-Mail Gateway for Microsoft Enterprise CA:

http://localhost:10000/certsrv/mscep/mscep.dll

 

 

anchor link Certificate

 

In this section, the parameters for authentication at the external certification authority are specified.

 

Parameters

Description

anchor link Challenge password

Password for transmitting a request to the external CA.

 

empty

anchor link Note:

The password is displayed in plain text during input so that it can be verified. The input field is then cleared when the password is saved.

anchor link Encryption certificate

This function is used to integrate the certificate for signing the requests to the external certification authority (RA certificate). This RA certificate is usually issued explicitly by the external certification authority for the MPKI connection of the SEPPmail Secure E-Mail Gateway.

 

empty

anchor link Note:

If NDES is used for ADCS, the "NDES CEP Encryption Certificate" must be used at this point.

anchor link CA certificate

At this point, the root certificate of the certification authority to be externally connected is provided.

 

empty

anchor link Note:

If NDES is used for ADCS, the "NDES Enrollment Agent Certificate" must be used at this point.

 

 

anchor link Settings

 

Settings for the automatic renewal of certificates.

 

empty

anchor link Note:

The validity period of the certificates of the individual users can be found in the file user-stats.csv which comes with the Daily Report (see also Groups statisticsadmin).

This is especially helpful if no automatic renewal of certificates has been set.

 

Parameters

Description

anchor link CheckBoxInactive Automatically renew expiring certificates if validity days left less than

This option is inactive by default and pre-set to 30.

Initiates the automatic renewal of certificates of active users (Users) if the remaining validity period is the set value. One pre-condition in this respect is that the corresponding user sends an email within the set overlap time. This prevents certificates from being obtained for "corpses" in the Users menu, including certificates subject to a fee, if applicable. The thus initiated process runs overnight (!).

 

empty

anchor link Note:

If the MPKI is activated retrospectively, existing, manually imported certificates are also taken into account. The certificate of the user with the longest validity period (expires on) is decisive for the renewal via MPKI.

Certificates of the internal certification authority as well as revoked or expired certificates are not taken into account.

 

empty

anchor link Note:

The greater the overlap in the certificate validity, the greater the chance that the communication partner will come into possession of a valid public key, which they need for sending encrypted emails.

anchor link CheckBoxInactive Automatically create certificates for active users without certificates

By default, this option is inactive.

This function obtains a certificate for all existing active Users, who are not in possession of a valid (!) certificate, automatically overnight (!).

 

Active Users are users who have sent an email in the last 30 days and do not have the State inactive.

 

empty

anchor link Attention:

Only works if the following option is active at the same time: Automatically renew expiring certificates if validity days left less than

 

The changes made are saved via the Save button.

 
  

Keyboard Navigation

F7 for caret browsing
Hold ALT and press letter

This Info: ALT+q
Topic Header: ALT+t
Topic Body: ALT+b
Contents: ALT+c
Search: ALT+s
Exit Menu/Up: ESC