This article explains how to transmit your own S/MIME certificates and PGP keys for email encryption to Hornetsecurity.
To use your own certificates and keys, certain formats must be followed. Only correctly provided certificates and keys can be stored and used for email encryption.
Requirements
Please ensure the following requirements are met:
- The Email Encryption module is activated for the customer.
- The desired encryption method, S/MIME or PGP, is activated.
- The certificates or keys are in a supported format.
Management of public S/MIME certificates is free of charge.
Fees apply for private certificates or keys. For more information about costs, please contact our sales team.
Public S/MIME Certificates
Public S/MIME certificates are usually imported automatically from the .p7m attachment of a signed incoming email.
S/MIME certificates can also be provided manually. Supported are, among others, public certificates with the following file extensions:
.crt.cer.der.pem
Private S/MIME Certificates
Private S/MIME certificates can be provided together with the public certificate as a key pair.
Supported are, among others, the following file extensions:
.pfx.p12.key.pem
If the S/MIME certificate or private key is password protected, the password must also be provided. The password can be given by phone or submitted in a text file.
The text file must be named according to the following scheme:
name@domain.tld.txtDomain Certificates for S/MIME
Domain certificates can also be provided for S/MIME. This applies to both public and private domain certificates.
Please explicitly indicate in your request if it concerns a domain certificate.
PGP Keys
For PGP, public and private keys can be provided.
Only certificates in .asc format are supported.
The public and private keys must be named according to the following scheme:
email@domain.tld.ascDomain Keys for PGP
Domain keys can also be provided for PGP. This applies to both public and private domain keys.
Please explicitly indicate in your request if it concerns a domain key.
Importing Public S/MIME Certificates via LDAP
Hornetsecurity can also query public S/MIME certificates via LDAP from public certificate directories. This allows public certificates to be used for outgoing encrypted email communication.
For setup, Hornetsecurity support requires an LDAP command with the appropriate connection data.
Format with password:
{@domain1.de},{@domain2.de},{domain3.de}:ldap:{repositoryaddress.tld};{user};{password};mail=RECIPIENT userCertificateFormat without password:
{@domain1.de},{@domain2.de},{domain3.de}:ldap:{repositoryaddress.tld};{user};;;mail=RECIPIENT userCertificateAttention!
For provided public PGP keys as well as for non-S/MIME users in S/MIME, an encryption rule for outgoing messages must also be defined. A corresponding explanation can be found here. Decryption happens automatically.
Submission to Hornetsecurity Support
Please send the certificates, keys, and required information to Hornetsecurity Support.
Also let us know the number of certificates or keys to be integrated.
Depending on the scope, a lead time of several days may be required.