This submenu is called up from Bulk Import Import X.509 keys and certificates.
Sections on this page:
•Certificate Data
•Advanced options
Section Certificate Data
Parameters
|
Description
|
Passphrase
|
Indication of the password required for importing the PKCS#12 key files.
This means that, for the mass import, it is assumed that all files to be imported have been protected with the same Passphrase!
|
PKCS#12 Files (unprotected ZIP File without directory structure)
|
Via the browser button "Select file" select the unencrypted ZIP file without folder structure, which contains the certificate files (file extension P12 or PFX) with an identical Passphrase for the private key.
|
Attention:
If no MPKI is used and the certificates and keys are managed manually, it must be ensured that new certificates are always issued on the basis of a new private key.
If the old private key is used, the existing, possibly expired certificates may be overwritten during import. Incoming mails encrypted with this old key can then no longer be decrypted.
|
|
Note:
Only valid keys can be imported.
If the ZIP file contains additional files whose formats deviate from those expected (P12 or PFX), these will be ignored.
If no user exists on the SEPPmail Secure E-Mail Gateway for the email address included in the key encryption yet, one is automatically created with this action. These automatically created users will be given as User ID the Email address. Depending on the quality of the certificate, the name entered in the certificate is used as the User name. If the certificate does not contain a corresponding name, the email address is also used here. If this is not desired, the users must be created before importing the S/MIME keys. This can be done via the function Import users (CSV).
|
|
Section Advanced options
Indicates the purpose of use of the PKCS#12 files to be imported.
Parameters
|
Description
|
 Allow decryption
|
By default, this option is active.
Indicates whether the PKCS#12 keys to be imported are to be used for the decryption of incoming emails for the corresponding applicant (please also refer to Issued to).
|
Allow signing
|
By default, this option is active.
Indicates whether the PKCS#12 keys to be imported are to be used for signing outgoing emails for of the corresponding applicant (please also refer to Issued to).
|
Customer
(optional)
|
Only available in client-capable systems.
|
|
|
Selection of the client to which the who were newly added through the bulk import, if applicable, are to be allocated.
|
Let system determine customer automatically
|
This is the default selection.
By activating this option, are allocated to the client () to which the email domain of the email address in the applicant field of the corresponding certificate is allocated.
|
The Import button uploads the indicated key material to the appliance.
