Using individual S/MIME certificates
iQ.Suite Tips & Tricks for Microsoft Exchange / SMTP
iQ.Suite Crypt is normally used in conjunction with S/MIME for
management of global company certificates. But individual certificates
issued by official trust centres can be used too. And this is how you do
Step by Step:
- You first need to have your individual certificate as a .pfx file.
- Now create a sub-directory under
...grpdata/smimedata/derived_certs for your individual certificate. The
name of the directory must always be the first 2 letters of the e-mail
address. The character "_" must always appear both before and after the
Example: Email address firstname.lastname@example.org = directory name "_fr_")
- Now copy the individual certificate to the directory you have just created. If need be, rename the certificate to "_firstname.secondname_40domain.com.pfx" (e.g._frederic.test_40test.com.pfx).
- Now create a copy of the existing S/MIME crypt engine that you use for the company certificate.
- The paths to "root certificate" and "company certificate" can stay as they are.
- In the "company password" field, enter the password of the individual certificate.
- In the "parameter" field of the "S/MIME Options" tab, you now need to delete the entries "--issuer=[f_issuer_cert]" and "--issuerpassword=[f_issuer_password]".
- Now add the value "--recipients=[p_ENCRYPTORS]" to the variable "I_OP_MIME_DECRYPT" in the "variables" tab.
- You can now assign the new crypt engine to the respective crypt job (e.g. decryption).