Create, edit, copy or delete a key server query
When automatic encryption is enabled, Secure Email Gateway searches the certificate
A digital means of proving your identity. When you send a digitally-signed message, you are sending your certificate and public key. Certificates are issued by a certification authority and can expire or be revoked. store for a public key The key a sender gives to a recipient so that the recipient can verify the sender's signature and confirm that the message was not altered. Recipients also use the public key to encrypt email messages to the sender. to use for encryption. Key Server Query enables the
You can configure the
Create a key server query
-
Navigate to System > Encryption > Key Server Queries. The Key Server Queries page is displayed.
-
In the Key Server Queries panel, click
New. Alternatively, click New key server query in the task panel. The Modify Key Server Query page is displayed.By default, the new query is populated with typical port numbers and query details. -
In the Overview panel, click Click here to change these settings. Edit the Name and Notes of the key server query as required, and click Save.
-
In the Server Connection panel, click Click here to change these settings.
Configure the following:
-
Server type: From the drop-down menu, select a protocol (LDAP, LDAPS, HTTP or HTTPS) to use.
-
Key Server: Enter a host name or an IP address of the key server.
-
Port: This field is automatically populated when you have selected the Server type. You can modify it if required.
Server Type Port LDAP 389 LDAPS 636 HTTP 11371 HTTPS 443 -
User name: Enter an authentication user name for the key server. If anonymous access is allowed, leave this field blank.
-
Password: Enter an authentication password for the key server. If anonymous access is allowed, leave this field blank.
Click Save.
-
-
In the Key Server Query Details panel, click Click here to change these settings.
If your Secure Email Gateway is operating in FIPS mode, you will not be able to modify the key type and the key server request will return S/MIME
Secure Multipurpose Internet Mail Extensions (S/MIME) is a specification for secure email messages that uses the X.509 format for digital certificates and uses various encryption algorithms such as 3DES. keys only.If you have selected either LDAP or LDAPS protocol in the Server Connection panel, configure the following:
-
Key Type: From the drop-down menu, select a key type (S/MIME or PGP) you would like the request to return.
-
LDAP Search root: Enter a search root, such as
ou=test,dc=domain,dc=com. However, this may vary depending on the certificate provider you use. -
LDAP filter: You can modify it if required. Tokens such as %EMAIL%, %LOCAL% and %DOMAIN% are supported, however, syntax may vary depending on the certificate provider you use.
If you have selected either HTTP or HTTPS in the Server Connection panel, configure the following:
-
Key Type: From the drop-down menu, select a key type (S/MIME or PGP) you would like the request to return.
-
HTTP path: Enter an http path. The path needs to be checked with the certificate provider you use.
-
HTTP parameters: You can modify it if required. Tokens such as %EMAIL%, %LOCAL% and %DOMAIN% are supported, however, syntax may vary depending on the certificate provider you use.
The LDAP Search root and LDAP filter, or the HTTP path and HTTP parameters settings control how the Click Save.
-
-
Apply the configuration.
| Key server queries can only operate when enabled in the Encryption/Decryption Defaults page, or on a Mail Encryption Endpoint. |
|
In the Key Server Queries panel, a green check mark |
indicates that a query is currently in use. A gray check mark 
indicates that a query is currently not used.Edit a key server query
-
Navigate to System > Encryption > Key Server Queries. The Key Server Queries page is displayed, listing the existing key server queries.
-
Select the key server query you wish to modify and click
Edit. The Modify Key Server Query page is displayed. -
Modify the Overview, Server Connection and Key Server Query Details panels as required. Click Save on each panel to save your changes.
-
Apply the configuration.
Copy a key server query
-
Navigate to System > Encryption > Key Server Queries. The Key Server Queries page is displayed, listing the existing key server queries.
-
Select the key server query you wish to copy and click
Copy. A copy of the key server query is created and added to the Key Server Queries panel. Copied queries have a suffix "Copy" added to the original name. -
Edit the copied key server query as required.
-
Apply the configuration.
Delete a key server query
-
Navigate to System > Encryption > Key Server Queries. The Key Server Queries page is displayed, listing the existing key server queries.
You cannot delete a key server query if it is currently in use. You first need to disable the query before attempting to delete it. -
Select the key server query you wish to delete and click
Delete. -
Click Yes in the Confirm Delete dialog to confirm the removal.
-
Apply the configuration.
|
If you change any configuration or policy settings, you must Apply Configuration for the new settings to take effect. You can do this either from the Changes Made panel, or System > Configuration > Apply Configuration. See Apply new configuration for more information. If you use |