Managed Certificates

This feature is available if you have licensed Managed Certificates and NoSpamProxy Cloud Encryption.

NoSpamProxy Cloud can automatically manage the email certificates for your corporate domains.

Requesting managed certificates

You configure the enrolment for managed certificates through the automatic user import. See Automatic user import via Azure Active Directory.

To configure managed certificates for existing automatic user imports, proceed as follows:

  1. Go to Configuration > Automatic user import.
  2. Click the user import you want to configure.
  3. Switch to the Groups tab.
  4. Do one of the following:
    • Click Add and carry out the configuration as described under Automatic user import via Azure Active Directory or
    • click the respective group, go to the Certificate requests tab and tick the box Automatically request and manage S/MIME certificates.
  5. Click Save.
  • In order to request managed certificates for all users, you must have licensed a sufficient number of users. For example, if the added group contains more users than there are licences available, managed certificates will not be requested. In this case, the administrator receives a notification email.
  • In order for managed certificates to be requested for users, the user attribute email address must be stored for these users.
  • In Azure AD, the first name and surname attributes must be assigned for the email address.

Requested managed certificates are automatically uploaded to Open Keys.

When are managed certificates renewed?
Managed certificates are renewed 14 days before expiration of the respective certificate.

What type of certificates are managed certificates?
Managed certificates are Class 1 S/MIME certificates.

I have received an email containing information about a certificate. What do I have to do?
If managed certificates are issued to corporate users, these corporate users will receive notification of the issuance as well as when certificates expire. You can ignore this email because NoSpamProxy automatically issues and imports the certificates.

Video: Automated certificate management with Managed Certificates (German only)

Adding verified domains for Managed Certificates

NoSpamProxy Cloud can automatically manage the email certificates for your corporate domains. In order to use the Managed Certificates for domains, you must add these domains here.

  1. Go to Identities > Certificates > Verified domains for Managed Certificates.
  2. Click Add.
  3. Select the corporate domain for which you want to use Managed Certificates.
  4. Copy the displayed verification token to the clipboard.
  5. Create a TXT record in the DNS zone of the previously selected domain.
  6. Click Finish.

NOTE: The additional, annual domain check via TXT entry is required to activate the automatic key enrolment for domains. 30 days before the domain validation expires, the administrator receives a notification email with the subject "Domänenvalididierung für Managed Certificates auslaufen / Domain validation for Managed Certificates will expire".