Automatically get certificates from different CAs

Signature Management

In addition to email encryption, SEPPmail also supports RFC-compliant signing for sent messages with the eponymous Secure Email Gateway. This confirms both the message’s integrity and the sender’s authenticity. The sender’s public key is also transmitted with the signature. This is required to encrypt emails addressed to the original sender (encrypted reply).

Certificate generation

The company-wide rollout of certificates is typically associated with a great deal of administrative effort. Certificates must be requested for each user and installed on the relevant client. To simplify the administrative effort involved in creating digital signatures or rolling out certificates, SEPPmail relies on the integration of different certification authorities (CAs). This allow the entire PKI (“public key infrastructure”) process to be significantly sped up. The only thing that has to be defined is the people needed to sign emails – any further steps are carried out automatically by SEPPmail. This is how the gateway requests a certificate from the accredited certification bodies the first time the user sends an email. The email is then automatically signed in the user’s name, thus confirming its origin and integrity.

When obtaining a certificate using a Managed PKI (MPKI), the key pair is generated on the SEPPmail Appliance and the public key is sent to the trustworthy certification authority for signing. The sensitive private key does not leave the Secure Email Gateway and is in a secure area, just like all of the key material.

Automatic signature

SEPPmail allows outgoing emails to be signed automatically. This can be done for all outgoing messages from a sender or can take place selectively (based on a client-specific ruleset and LDAP lookup if certain conditions are met).

Manual signature

Signing an outgoing email can also be forced manually using the Outlook add-in or using a command in the email subject line.