In this menu, the certificates available for S/MIME encryption are displayed as follows:
Column |
Description |
|---|---|
Displays the email address (RFC822 name) of the key owner. |
|
Displays the X.509 subject. |
|
Serial number of the certificate. |
|
Displays the fingerprint (hash) of the certificate. |
|
Specifies the validity of the certificate. Possible statuses are •"none", which means "OK". •REVOKED •EXPIRED •DISABLED |
|
Result of the OCSP/CRL check. Possible statuses are •OK •? •uncheckable •uncheckable (no supported CRL/OCSP mechanism) •revoked |
|
Issue date of the certificate in the form YYYY-MM-DD |
|
Expiration date of the certificate in the form YYYY-MM-DD |
Click on the email address to switch to the submenu with details of the certificate.
The input field with the Filter... button is used for searching for corresponding keys based on the characteristics indicated in the table. The search term is entered as a character string.
Clicking on the Import S/MIME certificate... button opens the submenu for the import of individual or several (bulk) certificates of communication partners.
The Advanced settings... button leads to the submenu of the same name, in which the - if necessary automated - cleaning of certificates is carried out.
|
If several valid certificates are available for a single recipient, the session key is encrypted with each of these certificates. |
|
S/MIME certificates are automatically collected from signed incoming emails, provided these certificates originate from a certification authority listed under X.509 Root Certificates with the status "trusted". Additionally, OpenPGP keys provided via the GINAportal as well as via the Key server are collected here. In general, however, no insecure certificates (SHA-1 and MD5, MD4, MD2) are imported. Thus the number of available encryption certificates - and thus the possibility for S/MIME encrypted communication with third parties - is constantly and automatically growing. |
