For the installation of the SMIME-Encryption the following steps are necessary:
The use of SMIME with KIX is based on OpenSSL.
You have to install OpenSSL:
http://dev.antoinesolutions.com/openssl 1. Setup OpenSSL CA: see:
https://www.openssl.org/docs/man1.0.2/apps/CA.pl.html install of the CA CA.pl -newca
2. Generate private keys and the public certificate: see:
https://www.openssl.org/docs/man1.0.2/apps/CA.pl.html certficate request CA.pl -newreq
signate the certificate CA.pl -signreq
3. Configure KIX for SMIME: SysConf → Crypt::SMIME
- SMIME → SMIME Support → Yes
- SMIME::Bin → location of OpenSSL → /usr/bin/openssl
- SMIME::CertPath → directory, where the SSL-certificates are saved → /opt/ssl/certs
- SMIME::PrivatePath → directory, in which the private SSL-certificate is stored → /opt/ssl/private
The webserver-user needs write permissions to all of those directories.
4. Import public certificate of own CA: - import public certificate of own CA by using admin-interface → SMIME
You can find it in: /opt/ssl/certs
5. Import the private key for KIX: - import private key by using admin-interface → SMIME
You can find it in: /opt/ssl/private
6. Import public certificate for customers: - setup customer-user → add public certificate
- or import the public certificates by using the admin-interface → SMIME
You can find the certificates in: /opt/ssl/certs
You have to exchange the public certificates on both sides, to decrypt the mails.
To encrypt the mail the private key of the return address and the public certificate of the recipient is needed.