This submenu is called up from X.509 Root Certificates.

 

Sections on this page:

Issued to

Issued by

Validity

Fingerprint

Key usage

Key info

Comment

 

 

Section Issued to

 

This section displays information about the owner of the CA certificate.

Depending on the certificate, not all parameters listed here must be given.

 

Parameter: Description

Name (CN): Specifies the name of your own certification authority

Email address: As a rule, the email address of the administrator of your own certification authority or their department is entered.

Org. unit (OU): Organisational unit, such as a department name, e.g. "Security"

Organisation (O): Specifies the organisation for which the certificate was issued, for example "Company"

Locality (L): Location, for example a town like "Neuenhof"

State (ST): Federal state, canton, province or similar, for example "AR" for "Appenzell Ausserrhoden"

Country (C): Country, for example "CH" for "Switzerland"

(Serial No.): Serial number of the certificate

 

 

Section Issued by

 

This section displays information about the issuer of the CA certificate (root certificate).

Depending on the issuer, not all parameters listed here have to be given.

 

Parameter: Description

Name (CN): Name of the issuing certification authority

Email address: Generally, this is an email address for support enquiries to the issuer

Org. unit (OU): Specifies an organisational unit of the issuer

Organisation (O): Specifies the issuing organisation

Locality (L): Indicates the location of the issuer

State (ST): Indicates a federal state, canton, province or similar where the issuer is located

Country (C): Specifies the country where the issuer is located

 

 

Section Validity

 

Specifies the validity of your own CA certificate.

 

Parameter: Description

Issued on: Issue date of the certificate

Expires on: Expiration date of the certificate

 

 

Section Fingerprint

 

The fingerprint is a checksum (hash) of the certificate and is used to verify it. This section displays the hash algorithm with which the checksum was formed (for example MD5, SHA1 or SHA256) together with the calculated value. If fingerprints from several algorithms are available, each one is output on a separate line.

 

Parameter: Description

SHA1: SHA1 fingerprint of the certificate. Example: D8:CF:CC:47:84:92:A9:F0:7E:2A:15:E8:2E:4F:CA:26:5C:60:10:E9

SHA256: SHA256 fingerprint of the certificate. Example: 83:06:F6:84:34:C2:E7:79:50:47:7B:EC:32:B7:22:13:FD:1F:9C:41:B4:B4:F9:C3:AB:85:12:AA:6B:1E:D2:BE
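
As an added example (not SEPPmail code), the following Python sketch computes the fingerprints of a downloaded CRT file in the colon-separated form shown in this section and compares one against a value published by the CA. The function names and the sample bytes are constructed for illustration, and refusing MD5-length values is a choice made by this example.

```python
import hashlib
import hmac
import ssl

# Constructed stand-in for the bytes of a downloaded .crt file. A fingerprint is
# a hash over the raw DER encoding, so valid ASN.1 is not needed to show it.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")


def to_der(data: bytes) -> bytes:
    """Accept a CRT file in PEM or DER form and return the DER bytes."""
    text = data.strip()
    if text.startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    return data


def fingerprint(data: bytes, algorithm: str = "sha256") -> str:
    """Return the fingerprint as colon-separated upper-case hex pairs."""
    digest = hashlib.new(algorithm, to_der(data)).digest()
    return ":".join(f"{byte:02X}" for byte in digest)


def matches_published(data: bytes, published: str) -> bool:
    """Compare the file against a fingerprint obtained out of band."""
    cleaned = "".join(ch for ch in published if ch not in ": \t\r\n")
    try:
        expected = bytes.fromhex(cleaned)
    except ValueError:
        return False
    # Infer the algorithm from the digest length; other lengths are refused.
    algorithm = {20: "sha1", 32: "sha256"}.get(len(expected))
    if algorithm is None:
        return False
    actual = hashlib.new(algorithm, to_der(data)).digest()
    return hmac.compare_digest(actual, expected)
```

The same file yields the same fingerprint whether it was saved as PEM or DER, because the hash is always taken over the DER bytes.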

 

 

Section Key usage

 

Displays the intended purpose of the certificate, taking only the purposes from the following table into account.

Possible statuses are "Yes" or "No".

 

Parameter: Description

S/MIME signing: digitalSignature/digital signature

S/MIME encryption: keyEncipherment/key encryption

S/MIME CA certificate: keyCertSign/certificate signature

SSL server CA certificate: keyCertSign/certificate signature

SSL client CA certificate: keyCertSign/certificate signature

 

 

Section Key info

 

Displays advanced information about the certificate.

 

Parameter: Description

Signature algorithm: Shows the signature algorithm of the certificate, for example md5WithRSAEncryption, sha1WithRSAEncryption or sha256WithRSAEncryption

Last certificate check: Displays the point in time of the last certificate check (via CRL or OCSP). With Check now... you can force an immediate check of the revocation information.

Last check result: Displays the result of the last certificate check.

OCSP URI: Outputs the authority information access (abbreviated AIA), i.e. the OCSP path. This item is only visible if the extension authority information access is set in the certificate.

CRL URI: Outputs the crlDistributionPoint (distribution point for revocation lists), i.e. the location under which the CRL is made available. This item is only visible if the extension crlDistributionPoint is set in the certificate.

 

 

Section Comment

 

Here, you can enter a personal comment about the certificate, for example why the corresponding trust position was selected.

Click Save comment to save this comment.

 

Clicking the Download certificate button allows you to save the certificate in CRT format.

 

Depending on the trust status, either the Trust this certificate button, which confirms trust in the certificate, or the Untrust this certificate button, which rejects trust, will be available.

 

Note:

 

The criteria to be applied when expressing trust should be taken from the company policy.

The following list of questions could be helpful when creating a corresponding policy:

 

Is the certification authority (CA) known and reputable?
Only trust certification authorities with proven reliability and security.

Have you read the official CPS/CP (Certification Practice Statement/Certificate Policy)?
This document describes the certification authority's procedures and guidelines for issuing and managing certificates.

Are the signature algorithm and key length sufficiently strong?
Look for modern, robust algorithms (e.g. SHA-256 or higher) and appropriate key lengths (e.g. RSA 2048-bit or higher or secure ECC curves).

Is the certificate currently valid?
Check that the current date lies between the ‘Not before’ and ‘Not after’ dates.

Are the basic constraints set correctly (cA=TRUE)?
This is crucial; it confirms that the certificate is a certification authority and can issue other certificates.

Are the key usage flags (keyCertSign, cRLSign) set correctly?
These flags indicate the permitted uses of the certificate, in particular for signing other certificates and certificate revocation lists.

Is there a valid CRL distribution point (CDP)?
A functioning CDP URL is essential for checking the revocation status of certificates issued by this certification authority.

Have you compared the fingerprint (hash) with the official source?
This is an important step to ensure the integrity and authenticity of the certificate and protect it from tampering.

Do you understand why you need to add this root certificate manually and what risks are involved?
Manual trust should only be configured when necessary and with consideration of the security risks.
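
Several of the questions above can be checked mechanically on the file saved with Download certificate. The following added example is not part of the SEPPmail product and assumes the third-party Python package cryptography; it reports which checklist items a certificate fails. The names make_cert and audit_ca, the test certificates and the CRL URL are constructed for illustration, and the thresholds are the examples named in the note.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import dsa, ec, rsa
from cryptography.x509.oid import NameOID

def make_cert(is_ca: bool) -> x509.Certificate:
    """Constructed self-signed test certificate; is_ca=False omits all CA properties."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Test CA")])
    now = dt.datetime.now(dt.timezone.utc)
    usage = x509.KeyUsage(digital_signature=not is_ca, content_commitment=False,
                          key_encipherment=False, data_encipherment=False, key_agreement=False,
                          key_cert_sign=is_ca, crl_sign=is_ca, encipher_only=False, decipher_only=False)
    builder = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
               .public_key(key.public_key()).serial_number(x509.random_serial_number())
               .not_valid_before(now - dt.timedelta(1)).not_valid_after(now + dt.timedelta(365))
               .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
               .add_extension(usage, critical=True))
    if is_ca:  # placeholder CRL location, not a real distribution point
        uri = x509.UniformResourceIdentifier("http://crl.example.test/root.crl")
        point = x509.DistributionPoint([uri], None, None, None)
        builder = builder.add_extension(x509.CRLDistributionPoints([point]), critical=False)
    return builder.sign(key, hashes.SHA256())

def _ext(cert, cls):
    """Return the value of the extension of type cls, or None if it is absent."""
    return next((e.value for e in cert.extensions if isinstance(e.value, cls)), None)

def _utc(cert, attr):
    value = getattr(cert, attr + "_utc", None)  # present in newer library versions
    return value or getattr(cert, attr).replace(tzinfo=dt.timezone.utc)

def audit_ca(cert: x509.Certificate) -> list:
    """Return the labels of the checklist items that the certificate fails."""
    key, algo = cert.public_key(), cert.signature_hash_algorithm
    basic, usage = _ext(cert, x509.BasicConstraints), _ext(cert, x509.KeyUsage)
    # Assumed minimum sizes: 2048 bits for RSA/DSA, 256 bits for elliptic curves.
    minimum = 2048 if isinstance(key, (rsa.RSAPublicKey, dsa.DSAPublicKey)) else 256
    now = dt.datetime.now(dt.timezone.utc)
    checks = [
        (algo is None or algo.name not in ("md5", "sha1"), "signature algorithm"),
        (getattr(key, "key_size", minimum) >= minimum, "key length"),
        (_utc(cert, "not_valid_before") <= now <= _utc(cert, "not_valid_after"), "validity"),
        (basic is not None and basic.ca, "basicConstraints cA=TRUE"),
        (usage is not None and usage.key_cert_sign and usage.crl_sign, "keyCertSign/cRLSign"),
        (_ext(cert, x509.CRLDistributionPoints) is not None, "CRL distribution point"),
    ]
    return [label for passed, label in checks if not passed]
```

A downloaded file can be audited by loading it with x509.load_pem_x509_certificate or x509.load_der_x509_certificate; the questions about reputation, the CPS/CP and the fingerprint source remain manual checks.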

 

 

With Delete certificate, the certificate is deleted from the SEPPmail Secure E-Mail Gateway. If, subsequently, an email which has been signed with a key of this certification authority is received, the certificate will be saved again with the trust status "?" in the appliance.

 

  
