Auto add domain wide certs

Hi all,

djigzo automaticly sets up the cert and encryption for individual emails based on the email address in the cert.

Is there a way to do this for the whole domain?

Since we only planning on using domain to domain encryption it would save us quite some work at least until we have the central cert directory.

Best regards

Andreas Behr
Diplom Informatiker (FH)

Krämer IT Solutions GmbH
Alte Koßmannschule
Koßmannstraße 7
66571 Eppelborn

Tel.: 0 68 81 / 9 36 29 - 70
Fax: 0 68 81 / 9 36 29 - 5 70

Email: andreas.behr(a)kraemer-it.de <mailto:andreas.behr(a)kraemer-it.de>
Homepage: kraemer-it.de <http://www.kraemer-it.de/&gt;

News To Use Letter
Klicken Sie hier, um sich jetzt anzumelden <http://www.kraemer-it.de/news/newsletter.shtml&gt;

Kennen Sie schon...
...unsere revolutionäre Netzwerk- und Serverüberwachung? server-eye.de <http://www.server-eye.de/&gt;
...unser einfach zu bedienendes und finanzamtfreundliches Fahrtenbuch? kfz-fahrtenbuch.de <http://www.kfz-fahrtenbuch.de/&gt;
...unsere einfache, sichere und schnelle Methode weltweit eine SMS zu verschicken? firmen-sms.de <http://www.firmen-sms.de/&gt;
...unsere schlaue Datensicherung ohne Kompromisse? schlauer-sichern.de <http://www.schlauer-sichern.de/&gt;

---- Gesetzliche Pflichtangaben
Krämer IT Solutions GmbH
Koßmannstraße 7
66571 Eppelborn
                                                                           
Registergericht: Amtsgericht Saarbrücken, HRB 14379
Geschäftsführer: Michael Krämer

Andreas Behr - Krämer IT Solutions wrote:

Hi all,

djigzo automaticly sets up the cert and encryption for individual emails based on the email address in the cert.

Is there a way to do this for the whole domain?
  

I don't think so. You mean that Djigzo would encrypt all emails in the
example.com domain with a certificate for that domain? You can select a
signing certificate and an encryption certificate in the domain screen.
Does that work?

dagdag
Christine

···

Since we only planning on using domain to domain encryption it would save us quite some work at least until we have the central cert directory.

Best regards

Andreas Behr
Diplom Informatiker (FH)

Krämer IT Solutions GmbH
Alte Koßmannschule
Koßmannstraße 7
66571 Eppelborn

Tel.: 0 68 81 / 9 36 29 - 70
Fax: 0 68 81 / 9 36 29 - 5 70

Email: andreas.behr(a)kraemer-it.de <mailto:andreas.behr(a)kraemer-it.de>
Homepage: kraemer-it.de <http://www.kraemer-it.de/&gt;

News To Use Letter
Klicken Sie hier, um sich jetzt anzumelden <http://www.kraemer-it.de/news/newsletter.shtml&gt;

Kennen Sie schon...
...unsere revolutionäre Netzwerk- und Serverüberwachung? server-eye.de <http://www.server-eye.de/&gt;
...unser einfach zu bedienendes und finanzamtfreundliches Fahrtenbuch? kfz-fahrtenbuch.de <http://www.kfz-fahrtenbuch.de/&gt;
...unsere einfache, sichere und schnelle Methode weltweit eine SMS zu verschicken? firmen-sms.de <http://www.firmen-sms.de/&gt;
...unsere schlaue Datensicherung ohne Kompromisse? schlauer-sichern.de <Krämer IT Solutions GmbH - Das IT-Systemhaus im Saarland;

---- Gesetzliche Pflichtangaben
Krämer IT Solutions GmbH
Koßmannstraße 7
66571 Eppelborn
                                                                           
Registergericht: Amtsgericht Saarbrücken, HRB 14379
Geschäftsführer: Michael Krämer

_______________________________________________
Users mailing list
Users(a)lists.djigzo.com
http://lists.djigzo.com/lists/listinfo/users

--
dagdag is just a two-character rotation of byebye.

Zitat von Andreas Behr - Krämer IT Solutions <andreas.behr(a)kraemer-it.de>:

Hi all,

djigzo automaticly sets up the cert and encryption for individual
emails based on the email address in the cert.

Is there a way to do this for the whole domain?

Since we only planning on using domain to domain encryption it would
save us quite some work at least until we have the central cert
directory.

domain certs) is not covered by any standard so you can only use
domain-certs with a Djigzo<--->Djigzo configuration. As this is a very
special case you really should configure it by hand.

Regards

Andreas

···

From my point of view this will not work because wildcard S/MIME (eg.

lst_hoe02(a)kwsoft.de wrote:

From my point of view this will not work because wildcard S/MIME (eg.
domain certs) is not covered by any standard so you can only use
domain-certs with a Djigzo<--->Djigzo configuration. As this is a very
special case you really should configure it by hand.

on both ends. I don't know what the plans are, I think the feature is
worthwhile and it shouldn't be too hard to implement. But then, the wish
list gets longer and longer :slight_smile:

dagdag
Christine

···

Regards

Andreas

--
dagdag is just a two-character rotation of byebye.

From my point of view this will not work because wildcard S/MIME (eg.
domain certs) is not covered by any standard so you can only use
domain-certs with a Djigzo<--->Djigzo configuration. As this is a very
special case you really should configure it by hand.

Yes, I understand, that domain<->domain encryption is a Djigzo thing, but then it should support it the way it supports normal certs.

---- Gesetzliche Pflichtangaben
Krämer IT Solutions GmbH
Koßmannstraße 7
66571 Eppelborn
                                                                           
Registergericht: Amtsgericht Saarbrücken, HRB 14379
Geschäftsführer: Michael Krämer

Zitat von Christine Karman <christine(a)christine.nl>:

lst_hoe02(a)kwsoft.de wrote:

From my point of view this will not work because wildcard S/MIME
(eg. domain certs) is not covered by any standard so you can only
use domain-certs with a Djigzo<--->Djigzo configuration. As this is
a very special case you really should configure it by hand.

on both ends. I don't know what the plans are, I think the feature
is worthwhile and it shouldn't be too hard to implement. But then,
the wish list gets longer and longer :slight_smile:

As far as i know site-to-site wildcard S/MIME works with today
releases but you have to manually configure it (no automatic
certificate selection) which should be the right thing todo or at
least the default. You should not have that many sites to configure
wildcard S/MIME to, as it would be the case for standard S/MIME (one
certificate per mail-address), and automatically choose a wildcard
certificate is somewhat error-prone. If someone sends you a wildcard
certificate for <your-bank>.com you don't want to apply it to all mail
directed there...
Furthermore i was under the impression that no well-known CA issues
wildcard S/MIME certificates anyway so you would have to "missuse"
server certificates or create your own??

Regards

Andreas