ChipherMail Built-In CA as Intermediate CA

Hi all,

I would like to use my own CA infrastructure I have and connect the ciphermail system.

First I thought, maybe I can request SMIME certificates with a request handler to connect my Windows CA and get certificates automatically using my Windows CA. But I guess this is not possible or if, not that easy.

So I come to the new idea, to use my Windows root CA as base and connect the built-in ciphermail CA as intermediate CA to my Windows root CA.
Means:

  • ciphermail creates a private key and request files (for CA)
  • I create the certificate using my Windows CA and install it into the ciphermail system
  • with this the built-in CA of ciphermail can create and manage all mail encryption certificates by it’s own

Unfortunately I didn’t find any way how to do it. Even the location of such files or configuration.
Would be really great if someone could help or has any idea how to do so.

Thank you!

Try the following:

  1. Create a root and intermediate (with private key) on Windows root CA
  2. Export the root certificate (without private key)
  3. Export the intermediate with private key (as a pfx/p12 file)
  4. Import the root certificate into the root store of the CIpherMail gateway
  5. Import the intermediate (with private key) into the certificate store of the CIpherMail gateway
  6. Select the intermediate as the issuer CA

You should be able to issue certificates issued by the intermediate cert from the CipherMail GUI

1 Like

Works great. Amazing! Thank you very much!

Just another two questions:

  • Can the defaults (like Organization, Country) for an automatically created certificate be defined, anyhow?
  • Can outbound, already signed (eg. by Outlook) messages be re-signed (replace) with the signature of ciphermail?

Thank you very much!