Certificate Store

The Certificate Store page is divided into several tabs, based on the type of certificates and how they are used.

About

Certificate Authorities

This tab contains S/MIME Secure Multipurpose Internet Mail Extensions (S/MIME) is a specification for secure email messages that uses the X.509 format for digital certificates and uses various encryption algorithms such as 3DES. signing certificates.

Signing certificates are used to verify the other certificates that are used to encrypt, decrypt, and sign email messages passing through Secure Email Gateway.

Corporate

This tab contains the S/MIME and PGP certificates that belong to your organization.

The private keys contained within the Corporate certificates are used to do the following on behalf of the people in your organization:

Decrypt incoming email messages
Sign outgoing email messages

Partners

This tab contains the S/MIME and PGP certificates that belong to the people and organizations that you do business with.

The public keys contained within the Partners certificates are used to do the following:

Encrypt email messages sent to your partners
Verify the digital signatures of email messages received from your partners

Configuration

This tab enables you to:

Configure the Gateway to run validation checks on the certificates in your certificate A digital means of proving your identity. When you send a digitally-signed message, you are sending your certificate and public key. Certificates are issued by a certification authority and can expire or be revoked. store.

You can schedule a daily certificate validation check, or use Run checks in the task panel to run the check immediately.

Certificate validation checks might take several hours to complete depending on the size of the certificate store. We recommend scheduling the check to run at an off-peak time.

Details of the checks are reported in the Certificate Store log.

Use expired or suspicious certificates, if applicable.

You can specify that the Gateway does not use "expired" or "suspicious" certificates. A suspicious certificate is defined as any certificate for which the Gateway has been unable to download the Certificate Revocation List for three consecutive days.

By default, the Gateway does not use revoked certificates. However, you can override this setting for individual certificates using the Override Warnings option.
Use other types of certificate, if applicable.

You can also specify that the Gateway does not use any of the following types of certificate:
- Certificates that are valid for more than 3 years
  
  These certificates span more than three years between the Valid From and Valid To dates. The validation is not connected to either expiry dates or the current date.
- Self-signed certificates
  
  A self-signed certificate is signed with the same entity whose identity it certifies.
- Certificates with no CRL information
  
  These certificates are defined as certificates with no CDP (CRL Distribution Point).
- Certificates with incorrect key usage
  
  Certificates with incorrect key usage lack either the "digitalSignature" or "keyEncipherment" properties.
- Certificates with a missing CA
  
  These certificates do not have a CA present on the Gateway.

Search Criteria

Use the Search Criteria panel to find a particular certificate or set of certificates. You can search for certificate details including Company Name, Issuer, Serial Number, and Expiry Date, in each of the Certificate Stores. You can also search for any certificates with warnings, or a certificate with a warning that has already been overridden.

Certificate overrides

If you have selected to not use expired or suspicious certificates, you can override this setting for an individual certificate. You can also override a revoked certificate.

Search for the certificate you want to override.
Select the appropriate certificate from the search results.
Click Override Warnings.