Managing certificates

In NoSpamProxy you can request and revoke certificates via a managed PKI of an external certificate provider. In addition, you can upgrade certificates to a domain certificate - also called a gateway certificate - for company domains or partner domains. If there is no own certificate for the recipient or sender, all emails are encrypted, decrypted or signed with a domain certificate , depending on the certificate and direction.

NOTE:

The following requirements must be met:

  • NoSpamProxy Encryption is licensed.
  • A certificate provider is set up (for requesting and revoking).
  • The certificate can be used for the entire company (to upgrade the certificate)
TIP:

Note for Managed Service Providers

Make sure that you assign sufficient Managed Certificates for the tenants managed by you if a Managed PKI is also to be connected. Otherwise, an error message will be displayed.

Requesting certificates (manually via user)

  1. Go to Identities > Corporate users > Corporate users.
  2. Highlight the contact.
  3. Click Request cryptographic keys for the marked users and follow the instructions in the dialogue.

Requesting certificates (automatically via a user group)

  1. Go to Identities > Corporate users > Corporate users.
  2. Click Automatic user import.
  3. Highlight the Active Directory import concerned and click Edit.
  4. On the Groups tab, select the Active Directory group and click Add.
  5. In the dialogue Auto enrolment, select the appropriate provider and confirm.

NOTE: With every Active Directory import (according to schedule or started manually), it is checked whether a new certificate is required for a user in the group.

Revoking certificates

  1. Go to Identities > Corporate users > Corporate users.
  2. Highlight the contact and click Modify.
  3. On the Email addresses tab, select the email address with the certificate and click Modify.
  4. On the tab Certificates, select the certificate that is to be revoked.
  5. Click Revoke.
  6. Follow the instructions in the dialog.

Upgrading certificate for partner domain

NOTE: Upgrading a certificate results in it being used for an entire company. The other party must always support this and allow the certificate to be used for this purpose. If you have any questions about the certificate, please contact the issuing authority.

  1. Go to Identities > Partners.
  2. Select the partner domain and click Modify.
  3. On the User Entries tab, highlight the user with the domain certificate and click Modify.
  4. On the Certificates tab, highlight the certificate you want to upgrade and click Upgrade to Domain Certificate.
  5. Follow the instructions in the dialog.

After upgrading, the certificate can no longer be found in the user entry, but on the tab Domain entry under End-to-end encryption > Edit on the tab Certificates.

Upgrading a certificate for corporate domain

  1. Go to Identities > Corporate users > Corporate users.
  2. Highlight the contact and click Modify.
  3. On the Email addresses tab, select the email address with the certificate and click Modify.
  4. On the tab Certificates, select the certificate that is to be upgraded.
  5. Click Upgrade to Domain certificate.
  6. Follow the instructions in the dialog.

After upgrading, the certificate can no longer be found in the contact, but under Corporate domains in the affected domain on the tab Certificates.