Autor Thema: SMIME configuration  (Gelesen 3085 mal)

Fabian Seibt

  • Global Moderator
  • Beiträge: 189
SMIME configuration
« am: 17.10.2017 16:33:10 »
For the installation of the SMIME-Encryption the following steps are necessary:

The use of SMIME with KIX is based on OpenSSL.
You have to install OpenSSL:

     1. Setup OpenSSL CA:
    install of the CA -newca

     2. Generate private keys and the public certificate:
     certficate request -newreq
    signate the certificate -signreq

     3. Configure KIX for SMIME:
     SysConf → Crypt::SMIME
  •     SMIME → SMIME Support → Yes
  •     SMIME::Bin → location of OpenSSL → /usr/bin/openssl
  •     SMIME::CertPath → directory, where the SSL-certificates are saved → /opt/ssl/certs
  •     SMIME::PrivatePath → directory, in which the private SSL-certificate is stored → /opt/ssl/private
     The webserver-user needs write permissions to all of those directories.

     4. Import public certificate of own CA:
     - import public certificate of own CA by using admin-interface → SMIME
     You can find it in: /opt/ssl/certs

     5. Import the private key for KIX:
     - import private key by using admin-interface → SMIME
     You can find it in: /opt/ssl/private

     6. Import public certificate for customers:
     - setup customer-user → add public certificate
     - or import the public certificates by using the admin-interface → SMIME
     You can find the certificates in: /opt/ssl/certs

You have to exchange the public certificates on both sides, to decrypt the mails.
To encrypt the mail the private key of the return address and the public certificate of the recipient is needed.