KIX - Forum
Community => Anleitungen => Thema gestartet von: Fabian Seibt am 17.10.2017 16:33:10
For the installation of the SMIME-Encryption the following steps are necessary:
The use of SMIME with KIX is based on OpenSSL.
You have to install OpenSSL: http://dev.antoinesolutions.com/openssl
1. Setup OpenSSL CA:
see: https://www.openssl.org/docs/man1.0.2/apps/CA.pl.html
install of the CA
CA.pl -newca
2. Generate private keys and the public certificate:
see: https://www.openssl.org/docs/man1.0.2/apps/CA.pl.html
certficate request
CA.pl -newreq
signate the certificate
CA.pl -signreq
3. Configure KIX for SMIME:
SysConf → Crypt::SMIME
- SMIME → SMIME Support → Yes
- SMIME::Bin → location of OpenSSL → /usr/bin/openssl
- SMIME::CertPath → directory, where the SSL-certificates are saved → /opt/ssl/certs
- SMIME::PrivatePath → directory, in which the private SSL-certificate is stored → /opt/ssl/private
The webserver-user needs write permissions to all of those directories.
4. Import public certificate of own CA:
- import public certificate of own CA by using admin-interface → SMIME
You can find it in: /opt/ssl/certs
5. Import the private key for KIX:
- import private key by using admin-interface → SMIME
You can find it in: /opt/ssl/private
6. Import public certificate for customers:
- setup customer-user → add public certificate
- or import the public certificates by using the admin-interface → SMIME
You can find the certificates in: /opt/ssl/certs
You have to exchange the public certificates on both sides, to decrypt the mails.
To encrypt the mail the private key of the return address and the public certificate of the recipient is needed.