SMIME configuration

Begonnen von Fabian Seibt, 17.10.2017 16:33:10

⏪ vorheriges - nächstes ⏩

Fabian Seibt

For the installation of the SMIME-Encryption the following steps are necessary:

The use of SMIME with KIX is based on OpenSSL.
You have to install OpenSSL: http://dev.antoinesolutions.com/openssl

     1. Setup OpenSSL CA:
     see: https://www.openssl.org/docs/man1.0.2/apps/CA.pl.html
    install of the CA
     CA.pl -newca

     2. Generate private keys and the public certificate:
     see: https://www.openssl.org/docs/man1.0.2/apps/CA.pl.html
     certficate request
     CA.pl -newreq
    signate the certificate
     CA.pl -signreq

     3. Configure KIX for SMIME:
     SysConf → Crypt::SMIME

  •     SMIME → SMIME Support → Yes
  •     SMIME::Bin → location of OpenSSL → /usr/bin/openssl
  •     SMIME::CertPath → directory, where the SSL-certificates are saved → /opt/ssl/certs
  •     SMIME::PrivatePath → directory, in which the private SSL-certificate is stored → /opt/ssl/private
     The webserver-user needs write permissions to all of those directories.

     4. Import public certificate of own CA:
     - import public certificate of own CA by using admin-interface → SMIME
     You can find it in: /opt/ssl/certs

     5. Import the private key for KIX:
     - import private key by using admin-interface → SMIME
     You can find it in: /opt/ssl/private

     6. Import public certificate for customers:
     - setup customer-user → add public certificate
     - or import the public certificates by using the admin-interface → SMIME
     You can find the certificates in: /opt/ssl/certs

You have to exchange the public certificates on both sides, to decrypt the mails.
To encrypt the mail the private key of the return address and the public certificate of the recipient is needed.