s/mime Domain Certificate

Hello,

how can I prevent S/Mime encryption with domain certificate using the personal certificate for signing?
In the domain settings, however, our domain certificate is selected for signing but the verification of the signature at the recipient is then incorrect.

With kind regards

Jürgen Weppert

attachment.htm (2.29 KB)

how can I prevent S/Mime encryption with domain certificate using the
personal certificate for signing?

In the domain settings, however, our domain certificate is selected for
signing but the verification of the signature at the recipient is then
incorrect.

No sure I understand the problem.

You have setup domain encryption for some external domain and selected a
signing key for your internal (sending) domain but you do not want the
outgoing email to be signed by with the domain. You want to sign with a
cert with matching email address?

Kind regards,

Martijn Brinkers

···

--
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF encryption and secure webmail pull.

W: https://www.ciphermail.com/
E: info(a)ciphermail.com
T: +31 20 290 0088

Hello,

yes we have setup domain encryption for some external domains. But we do not want to sign with matching email address.
The email should only be signed with the selected cert in the "signing certificate selection page" oft he external domain.

Kind regards

Jürgen Weppert

···

-----Ursprüngliche Nachricht-----
Von: Martijn Brinkers via Users <users(a)lists.ciphermail.com>
Gesendet: Donnerstag, 28. Mai 2020 13:25
An: users(a)lists.ciphermail.com
Cc: Martijn Brinkers <martijn(a)ciphermail.com>
Betreff: Re: s/mime Domain Certificate

how can I prevent S/Mime encryption with domain certificate using the
personal certificate for signing?

In the domain settings, however, our domain certificate is selected
for signing but the verification of the signature at the recipient is
then incorrect.

No sure I understand the problem.

You have setup domain encryption for some external domain and selected a signing key for your internal (sending) domain but you do not want the outgoing email to be signed by with the domain. You want to sign with a cert with matching email address?

Kind regards,

Martijn Brinkers

--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull.

W: https://www.ciphermail.com/
E: info(a)ciphermail.com
T: +31 20 290 0088
_______________________________________________
Users mailing list -- users(a)lists.ciphermail.com To unsubscribe send an email to users-leave(a)lists.ciphermail.com

yes we have setup domain encryption for some external domains. But we do not want to sign with matching email address.
The email should only be signed with the selected cert in the "signing certificate selection page" oft he external domain.

Unfortunately that is not possible at the moment. The gateway first
tries to use a signing certificate with matching email address and if it
finds a signing certificate which is valid, it will use it. This is by
default the most sensible option because it allows you to use signing
certs for some users for which there is a matching email address and for
the others, i.e., for which there are no individual signing certs, to
use the domain certificate. Changing this behavior requires some code
changes.

Kind regards,

Martijn Brinkers

···

On 28-05-2020 14:22, Weppert Juergen via Users wrote:

-----Ursprüngliche Nachricht-----
Von: Martijn Brinkers via Users <users(a)lists.ciphermail.com>
Gesendet: Donnerstag, 28. Mai 2020 13:25
An: users(a)lists.ciphermail.com
Cc: Martijn Brinkers <martijn(a)ciphermail.com>
Betreff: Re: s/mime Domain Certificate

how can I prevent S/Mime encryption with domain certificate using the
personal certificate for signing?

In the domain settings, however, our domain certificate is selected
for signing but the verification of the signature at the recipient is
then incorrect.

No sure I understand the problem.

You have setup domain encryption for some external domain and selected a signing key for your internal (sending) domain but you do not want the outgoing email to be signed by with the domain. You want to sign with a cert with matching email address?

Kind regards,

Martijn Brinkers

--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull.

W: https://www.ciphermail.com/
E: info(a)ciphermail.com
T: +31 20 290 0088
_______________________________________________
Users mailing list -- users(a)lists.ciphermail.com To unsubscribe send an email to users-leave(a)lists.ciphermail.com
_______________________________________________
Users mailing list -- users(a)lists.ciphermail.com
To unsubscribe send an email to users-leave(a)lists.ciphermail.com

--
CipherMail email encryption
Email encryption with support for S/MIME,
OpenPGP, PDF encryption and secure webmail pull.

W: https://www.ciphermail.com/
E: info(a)ciphermail.com
T: +31 20 290 0088

OK. Thank you!

Kind regards

Jürgen Weppert

···

-----Ursprüngliche Nachricht-----
Von: Martijn Brinkers via Users <users(a)lists.ciphermail.com>
Gesendet: Donnerstag, 28. Mai 2020 16:28
An: users(a)lists.ciphermail.com
Cc: Martijn Brinkers <martijn(a)ciphermail.com>
Betreff: Re: s/mime Domain Certificate

On 28-05-2020 14:22, Weppert Juergen via Users wrote:

yes we have setup domain encryption for some external domains. But we do not want to sign with matching email address.
The email should only be signed with the selected cert in the "signing certificate selection page" oft he external domain.

Unfortunately that is not possible at the moment. The gateway first tries to use a signing certificate with matching email address and if it finds a signing certificate which is valid, it will use it. This is by default the most sensible option because it allows you to use signing certs for some users for which there is a matching email address and for the others, i.e., for which there are no individual signing certs, to use the domain certificate. Changing this behavior requires some code changes.

Kind regards,

Martijn Brinkers

-----Ursprüngliche Nachricht-----
Von: Martijn Brinkers via Users <users(a)lists.ciphermail.com>
Gesendet: Donnerstag, 28. Mai 2020 13:25
An: users(a)lists.ciphermail.com
Cc: Martijn Brinkers <martijn(a)ciphermail.com>
Betreff: Re: s/mime Domain Certificate

how can I prevent S/Mime encryption with domain certificate using the
personal certificate for signing?

In the domain settings, however, our domain certificate is selected
for signing but the verification of the signature at the recipient is
then incorrect.

No sure I understand the problem.

You have setup domain encryption for some external domain and selected a signing key for your internal (sending) domain but you do not want the outgoing email to be signed by with the domain. You want to sign with a cert with matching email address?

Kind regards,

Martijn Brinkers

--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull.

W: https://www.ciphermail.com/
E: info(a)ciphermail.com
T: +31 20 290 0088
_______________________________________________
Users mailing list -- users(a)lists.ciphermail.com To unsubscribe send
an email to users-leave(a)lists.ciphermail.com
_______________________________________________
Users mailing list -- users(a)lists.ciphermail.com To unsubscribe send
an email to users-leave(a)lists.ciphermail.com

--
CipherMail email encryption
Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull.

W: https://www.ciphermail.com/
E: info(a)ciphermail.com
T: +31 20 290 0088
_______________________________________________
Users mailing list -- users(a)lists.ciphermail.com To unsubscribe send an email to users-leave(a)lists.ciphermail.com