Initial situation:
The communication partner requires an S/MIME certificate with certificate chain (issuer) for domain encryption. However, the self-generated certificate of the Managed domain does not contain an issuer, or the root CA certificate for "Secure E-Mail Gateway Domain Certificates CA (non-validated)" cannot be provided.
Question:
Can the SEPPmail Secure E-Mail Gateway also generate domain certificates from its own issuer?
Answer:
Yes. For this purpose, the CA is first set up within the SEPPmail Secure E-Mail Gateway. Every domain certificate created thereafter is issued by this CA and thus contains it as the issuer.
This means that, for the setup of the domain encryption, the communication partner must be provided with both the domain certificate created after the CA is set up (see also Domain encryption with a third-party system) as well as the root certificate of the internal CA.
It is possible that the root certificate of the CA can also be supplied via the GINA interface, like the domain certificates (see Extended settings Publish local CA certificate on the search page to allow recipients to perform S/MIME signature verification).
Alternatively, a purchase certificate of an accredited CA could also be integrated in the detailed settings of the respective Managed domain under S/MIME domain encryption and made available to the communication partner.
