Simple Certificate Enrolment Protocol (SCEP)-specific sections in MPKI
Sections on this page:
This section contains the connection data to the external CA.
Parameters |
Description |
||
|---|---|---|---|
URL under which the connection to the certification authority is established. The default is the URL with the Network Device Enrolment (NDES) name of the SEPPmail Secure E-Mail Gateway for Microsoft Enterprise CA: |
|||
|
(new in 15.0.4.2) |
This part appears in the certificate of the corresponding user as an extension of the "Applicant" field and can be freely defined in the framework of a distinguished name - for example /C=[two-character country code]/OU=[organisation detail]/O=[organisation] - whereby the indication of the country code is mandatory.
|
||
Use 'nombstr' in requests: nombstr stands for "no multibyte strings". Some SCEP endpoints have issues with UTF-8. To prevent this, you can enable this option to ensure that no UTF-8 strings are used in the domain name when generating the CSR. |
Domain-specific parameters (optional)
If the SEPPmail Secure E-Mail Gateway manages several email domains (Managed Domains), this option can be used to specify the Static subject part for each domain.
After saving the domain specific option via Save entries another input field appears in each case.
Parameters |
Description |
|||
|---|---|---|---|---|
Specifies the email domains for which the following parameters should be valid. Only domains which were also named when the application was submitted to the certification body, or which were later validated separately, may be entered.
|
||||
see Default parameters. |
||||
In this section, the parameters for authentication at the external certification authority are specified.
Parameters |
Description |
|---|---|
Password for transmitting a request to the external CA.
|
|
This function is used to integrate the certificate for signing the requests to the external certification authority (RA certificate). This RA certificate is usually issued explicitly by the external certification authority for the MPKI connection of the SEPPmail Secure E-Mail Gateway.
|
|
At this point, the root certificate of the certification authority to be externally connected is provided.
|
Settings for the automatic renewal of certificates.
|
The validity period of the certificates of the individual users can be found in the file user-stats.csv which comes with the Daily Report (see also Groups statisticsadmin). This is especially helpful if no automatic renewal of certificates has been set. |
Parameters |
Description |
|||
|---|---|---|---|---|
|
This option is inactive by default and pre-set to 30. Initiates the automatic renewal of certificates of active users (Users) if the remaining validity period is the set value. One pre-condition in this respect is that the corresponding user sends an email within the set overlap time. This prevents certificates from being obtained for "corpses" in the Users menu, including certificates subject to a fee, if applicable. The thus initiated process runs overnight (!).
|
|||
|
By default, this option is inactive. This function obtains a certificate for all existing active Users, who are not in possession of a valid (!) certificate, automatically overnight (!).
Active Users are users who have sent an email in the last 30 days and do not have the State inactive.
|
|||
The changes made are saved via the Save button.

