Article ID: 1067, created on Oct 6, 2008, last review on Jan 20, 2015

  • Applies to:
  • Odin Business Automation Standard 4.5

Resolution

In PBAS you can setup email S/MIME signing for all automatically created emails. For that purpose you need to have valid certificate for S/MIME signing.

If you already have required certificate you need to proceed following steps:

1. First of all you need to convert your certificate to PEM format (if needed) and create a private key for certificate. There are variety of tools and methods for achieving this, you can use any of them.

Here is an example for .p12 (PKCS#12 files, sometimes referred to as PFX files):

Import all certificates to PEM format from cert.p12 file and create a private key for them:

# openssl pkcs12 -in cert.p12 -nodes -out server.crt

Please use password provided to you by issuer, if you would be asked.

Now, from the beginning of the server.crt file private key is located, it looks like:

Bag Attributes
    friendlyName: ...
    localKeyID: ...
Key Attributes: ...
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

you need to move this key part to another file (for example server.key)

Please make sure that server.crt contains only the appropriate certificate. There can be more than one certificate in server.crt. Please make a copy of server.crt and remove all certificates but the one whose localKeyID corresponds to the localKeyID of the private key you moved to server.key.

Now you have your certificates located in server.crt file, key is in server.key file.

2. Please, check if your certificate is valid for S/MIME signing:

# openssl verify -verbose -purpose smimesign -CAfile cert.ca cert.cl cert.cl: OK

where

cert.ca  -- file with CA certificates;

cert.cl  -- file with client certificate.

If you have another (not OK) result, please check manual for error codes' explanations.

3. Install your certificate: under "Top > Configuration Director > Miscellaneous Settings > E-Mail Setup" click on the "Edit" button, check "Sign all e-mail messages" and specify certificate server.crt and private key server.key filenames.

Search Words

smimesign

S/MIME

localKeyID

Sign all e-mail messages

S-Mime email

400e18f6ede9f8be5575a475d2d6b0a6 caea8340e2d186a540518d08602aa065 624ca542e40215e6f1d39170d8e7ec75 70a5401e8b9354cd1d64d0346f2c4a3e

Email subscription for changes to this article
Save as PDF