Digicert

DigiCert-specific sections in MPKI

Verfügbaren Sektionen:

Section Default parameters

Depending on the contract, the necessary settings have to be made here. As a rule, these are made available by DigiCert upon the conclusion of the contract between the email domain owner and DigiCert.

Parameters	Description
API key	Provided by DigiCert. The entry is checked for validity.
Default organisation ID	Provided by DigiCert, The entry is checked for validity.
Default Product	Select your default product. Available products will be loaded after an API key has been added.
Full name regex (new in 14.1.2)	A given name and surname must always be specified in the request or (permitted for certain products) the pseudonym attribute can be used. As SEPPmail Secure E-Mail Gateway does not store the first name and surname separately in the database, the full name has to be split by using a regular expression. By default, the assumed schema is "Given Name Surname", so that the default regex "(?<GN>.+) (?<SN>.+)" would split this into gn="Given Name" sn="Surname".

Section Domain specific parameters (optional)

If the SEPPmail Secure E-Mail Gateway manages several email domains (Managed Domains), this option can be used to specify specific parameters for creating user certificates for each domain.

After saving the domain specific option via Save entries another input field appears in each case.

Parameters

Description

New organisation ID:

Provided by DigiCert

Domains:

Provided by DigiCert

empty

Attention:

The domain entered here must be selected under Connectors MPKI managed domains in order to obtain certificates.

Section Settings

Settings for the automatic renewal of certificates.

empty

Note:

The validity period of the certificates of the individual users can be found in the file user-stats.csv which comes with the Daily Report (see also Groups statisticsadmin).

This is especially helpful if no automatic renewal of certificates has been set.

Parameters

Description

CheckBoxInactive Automatically renew expiring certificates if validity days left less than

This option is inactive by default and pre-set to 30.

Initiates the automatic renewal of certificates of active users (Users) if the remaining validity period is the set value. One pre-condition in this respect is that the corresponding user sends an email within the set overlap time. This prevents certificates from being obtained for "corpses" in the Users menu, including certificates subject to a fee, if applicable. The thus initiated process runs overnight (!).

empty

Note:

If the MPKI is activated retrospectively, existing, manually imported certificates are also taken into account. The certificate of the user with the longest validity period (expires on) is decisive for the renewal via MPKI.

Certificates of the internal certification authority as well as revoked or expired certificates are not taken into account.

empty

Note:

The greater the overlap in the certificate validity, the greater the chance that the communication partner will come into possession of a valid public key, which they need for sending encrypted emails.

CheckBoxInactive Automatically create certificates for active users without certificates

By default, this option is inactive.

This function obtains a certificate for all existing active Users, who are not in possession of a valid (!) certificate, automatically overnight (!).

Active Users are users who have sent an email in the last 30 days and do not have the State inactive.

empty

Attention:

Only works if the following option is active at the same time: Automatically renew expiring certificates if validity days left less than

Chain certificates (needed to sign emails)

By clicking on Add or update..., the intermediate certificates under X.509 Root Certificates required for supplementing the certificate chain when signing are added/updated.

empty

Note:

This action is mandatory after completion of the MPKI configuration!

The changes made are saved via the Save button.

Please enable JavaScript to view this site.

Keyboard Navigation