Configure Trust Center

You can configure a connection to the Trust Center and set up Automatic Certificate Generation for an LDAP address list.

Configure a Trust Center connection

  1. Navigate to System > Encryption > Trust Center Configuration. The Trust Center Configuration page is displayed.

  2. In the Trust Center Authentication panel, click Click here to change these settings.

  3. Specify the Account Name and Product Name that will be used for communication with the Trust Center.

  4. Click Save.

  5. In the Trust Center Client Certificate panel, click Click here to change these settings.

  6. Select the Certificate and Private Key. These must be in PEM format.

     

    The private key and certificate provided by SwissSign are in P12 format. They must be converted to PEM for use in Secure Email Gateway.

    To convert the key file format, run the following command:

    openssl pkcs12 -in my_key.p12 -out my_key.pem -nocerts -nodes

    • my_key.p12 is the path to the key provided by SwissSign.

    • my_key.pem is the output filename for the key to be uploaded into the Gateway.

    To convert the certificate file format, run the following command:

    openssl pkcs12 -in my_cert.p12 -out my_cert.pem -nokeys

    • my_cert.p12 is the path to the certificate provided by SwissSign.

    • my_cert.pem is the output filename for the certificate to be uploaded into the Gateway.

    When prompted for a password, enter the password for the key or certificate you are trying to convert.

  7. Specify a Passphrase and Confirm.

  8. Click Save.

  9. Apply the configuration.
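
A pre-upload check for the files converted in step 6, as an added example that is not part of the product documentation. It confirms that my_key.pem and my_cert.pem belong together, that the certificate has not expired, and that the key file, which -nodes writes without encryption, is readable only by its owner. The function name check_pem_pair is hypothetical.

```shell
# Added example, not part of the product documentation.
# Usage: check_pem_pair my_key.pem my_cert.pem
# Returns 0 only if every check passes; otherwise prints the reason and returns 1.
check_pem_pair() {
    key=$1
    cert=$2

    # -passin pass: supplies an empty passphrase, so a key that is still
    # encrypted fails here instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "FAIL: $key cannot be read as a PEM private key without a passphrase" >&2
        return 1
    }

    # If the file holds several certificates, openssl x509 reads the first one.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "FAIL: $cert is not a PEM certificate" >&2
        return 1
    }

    # Key and certificate belong together only if their public keys are identical.
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "FAIL: private key does not match the certificate" >&2
        return 1
    fi

    # -checkend 0 fails when the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || {
        echo "FAIL: certificate has expired" >&2
        return 1
    }

    # The key was written without encryption, so the file mode is its only
    # protection: require that group and other have no permission bits.
    case $(ls -ld "$key") in
        -???------*) ;;
        *) echo "FAIL: $key is accessible to group/other; run chmod 600" >&2
           return 1 ;;
    esac

    echo "OK: $(openssl x509 -in "$cert" -noout -subject -enddate | tr '\n' ' ')"
}
```

Delete the local PEM copy of the key once it has been uploaded to the Gateway.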

Configure Automatic Certificate Generation

  1. Navigate to System > Encryption > Trust Center Configuration. The Trust Center Configuration page is displayed.

  2. In the Automatic Certificate Generation panel, click Click here to change these settings.

  3. Select the Enable Automatic Certificate Generation check box and specify the Peer Gateway that you want to generate the certificates.

  4. Specify how many days before expiry a certificate will be renewed. The default is 28, but you can enter any number of days between 0 and 365.

  5. Click Save.

  6. Apply the configuration.

LDAP Address Lists

See LDAP Attribute Mapping for more information.

Configure Certificate Details

 

As described in the Required information when configuring the Trust Center section, the information you need to provide may vary, depending on the product type you have with SwissSign.

  1. Navigate to System > Encryption > Trust Center Configuration. The Trust Center Configuration page is displayed.

  2. In the Certificate Details panel, click Click here to change these settings.

  3. Specify the Default Validity Period (1, 2 or 3 years) from the drop-down menu.

  4. Specify the Default Key Strength (2048, 3072 or 4096) from the drop-down menu.

  5. Specify the following fields. These values are used when you have not specified them in the LDAP Attribute Mapping. They also work as a fallback when the attributes cannot be retrieved.

    Default Common Name

    Default Given Name

    Default Surname

    Default Company

    Default Department

    Default State

    Default Country

  6. Click Save.

  7. Apply the configuration.

Test a Trust Center connection

  1. Navigate to System > Encryption > Trust Center Configuration. The Trust Center Configuration page is displayed.

  2. In the task panel, click Test Trust Center Connection.

    • If the Trust Center is configured correctly and can be authenticated, a notification indicates that the connection is valid. Close the dialog to end.

    • If the Trust Center is not configured correctly, a notification indicates that authentication could not be validated. Reconfigure the connection and test it until it is successful.

 

If you change any configuration or policy settings, you must Apply Configuration for the new settings to take effect. You can do this either from the Changes Made panel, or System > Configuration > Apply Configuration. See Apply new configuration for more information.

If you use Peer Gateways (i.e. when multiple Gateways are peered), any configuration changes from a local Gateway can then be applied to all the peers at the same time. See Configure Peer Gateways for more information.
