Please enable JavaScript to view this site.

This submenu is called up from X.509 Certificates.

 

anchor link Section Advanced Settings

 

Parameters

Description

anchor link Deduplication

Clicking the Delete duplicated certificates now button, possibly duplicated certificates are immediately deleted once. The certificate with the longest validity period is retained.

 

empty

anchor link Note:

By removing duplicates, a recipient may no longer be able to read an encrypted email on all of their end devices.

If, for example, the recipient uses different keys on their notebook and mobile phone, they can only read the encrypted email on the end device on which the certificate with the longest validity period is installed once duplicates are deleted.

anchor link CheckBoxInactiveDelete duplicated certificates automatically

By default, this setting is inactive.

By activating this option, the above mentioned clean-up process is executed automatically once a day.

 

 

anchor link Expiration

With the Delete expired certificates now button, expired certificates are immediately removed once.

 

empty

anchor link Note:

By default, the SEPPmail Secure E-Mail Gateway also uses expired certificates for encryption (please also refer to Policies Refuse usage of expired certificates for encryption) if no current certificate is available.

By deleting expired certificates and by the aforementioned option, this behaviour can be prevented.

 

anchor link CheckBoxActiveDelete expired certificates automatically

By default, this option is active.

When active, the above mentioned clean-up process is executed automatically once a day.

anchor link Revocation

The Check OCSP/CRL status now button checks the validity of all certificates of the X.509 Certificates menu via OCSP (Online Certificate Status Protocol) and/or CRL (Certificate Revocation List) immediately.

 

anchor link Number of days after which unverifiable certificates are ignored:

The default entry is "never".

Certificates whose validity cannot be checked within the number of days entered here are not used for encryption.

 

empty

anchor link Attention:

Any other setting than "never" can lead to sporadic problems with encryption.

If, for instance, 7 days are set but the issuing CA only provides new revocation information every 10 days, a certificate of this CA would always be available for seven days for encryption and unavailable for the remaining three days.

anchor link CheckBoxInactiveAutomatically check revocation status every day

(new in 12.1)

By default, this setting is inactive.

When active, all certificates contained in X.509 Certificates are automatically subjected to a validity check once a day.

anchor link Policies

 

anchor link CheckBoxInactiveRefuse import of certificates with a signature algorithm using SHA-1 or lower

By default, this setting is inactive.

Prevents the import of certificates with an insecure hash algorithm, i.e. SHA-1 and older (see also

X.509 Certificates Import S/MIME certificate...

CHANGE GINA SETTINGS FOR Extended settings Certificate search and management in GINA:).

anchor link CheckBoxInactiveRefuse usage of expired certificates for encryption

By default, this setting is inactive.

The SEPPmail Secure E-Mail Gateway can also use expired certificates for encryption if no current certificate is available. Activating this option prevents this behaviour, even without deleting expired certificates (see Expiration Delete expired certificates automatically).

 

anchor link Bulk export

(new in 12.0)

Clicking on Download all X.509 certificates downloads all certificates listed in the higher-level menu X.509 Certificates, i.e. those of external communication partners, to a file named smime_certificates.zip.

 

The changes made to both sections are saved via the Save button.

 
  

Keyboard Navigation

F7 for caret browsing
Hold ALT and press letter

This Info: ALT+q
Topic Header: ALT+t
Topic Body: ALT+b
Contents: ALT+c
Search: ALT+s
Exit Menu/Up: ESC