On 18-10-18 12:12, Marc Patermann via Users wrote: > Hi, > > is there a setting to see information about the cert that is actually > used to encrypt to a message? > > Background: > > Domain example.com uses user specific certs. If a user sends a signed > mail, ciphermail stores the cert as expected. > > Sending S/MIME encrypted mails to a user at example.com depends if there > is a the stored cert. > > Now we like to set up domain-domain-encryption. > example.com send a cert for the domain. > I created a domain in ciphermail and enabled the domain cert they send. > Now mails to every user at example.com can be send encrypted - with the > domain cert. > > Users at example.com complain that they cannot decrypt the mail. > > Is there any precedence of user cert to domain cert in ciphermail? > > Information what cert ciphermail actually used to encrypt the message is > needed.
Outgoing email will be S/MIME encrypted with all valid certificates for the user. If a domain certificate has been setup for the recipient and the certificate is valid, the email will be encrypted with the domain certificate. If the user also has a personal certificate (i.e., issued for his/her email address), then the email will *also* be encrypted with the user certificate (i.e., the email will be encrypted with the domain certificate *and* the personal certificate). The gateway dynamically finds the certificates for a recipient (i.e., it will check the domain and check if there is a personal certificate). If you want to see which certificates are available for a recipient, you need to add this recipient first. The click on the details for the recipient (click on the email address). On the "Edit user: .." page, click S/MIME and then from the pull down menu, select "encryption certificates". You should now get an overview of all the S/MIME certificates for the recipient. Certificates are colored depending on whether the certificate is valid, auto selected, inherited etc. Green means the certificate is valid and auto selected (only if the email address matches). Yellow means it's inherited (from the domain). See the following page for more information https://www.ciphermail.com/documents/html/administration-guide/#pf3b What is important to know is that a certificate will only be used if the certificate is trusted. Kind regards, Martijn Brinkers -- CipherMail email encryption Email encryption with support for S/MIME, OpenPGP, PDF encryption and secure webmail pull. https://www.ciphermail.com Twitter: http://twitter.com/CipherMail _______________________________________________ Users mailing list [email protected] https://lists.ciphermail.com/mailman/listinfo/users
