Internal Certificate Authority

An Internal Certificate Authority can be used to create certificates for internal and external recipients for the purposes of S/MIME encryption and message signing. The certificate generated by the internal CA are not trusted, therefore you must instruct the external recipients of your messages to trust your Internal CA in their clients.

Alternatively, instead of using certificates generated by the internal CA, you can import certificates from a trusted 3rd party Certificate Authority for both internal and external recipients.

Add Internal Certificate Authority

Under the Certificate Authority Common Name field, enter the name you wish to assign to the internal CA.
Under the Certificate Authority Certificate Validity in Years field, select the length of time you wish the Certificate Authority to remain valid. We recommend you leave this setting at the default 5 years.
Under the Certificate Authority Certificate Key Length select the key length you wish to use. We recommend you leave this setting at the default 4096-bits.
Under the Organization/Company Name enter the name of your organization.
Under the Organization Unit field enter the name of your organization unit.
Under the Organization State/Province field enter the name of of the organization state/province
Under the Organization Country Code field enter the two letter code for your organization country. Example, for United States simply enter US.
Click the checkbox under the Make Default field, if you wish to make this Certficate Authority the defalt CA. By default, the first CA that gets created becomes the default CA.
Click the Save Settings button (Figure 1).

Figure 1

Each Internal Certificate Authority you add shows up in the Edit/Delete Existing Internal Certificate Authorities section (Figure 2).

Figure 2

Continue adding Internal Certificate Authorities as needed.

Set Internal Certificate Authority as Default

Under the Edit/Delete Existing Internal Certificate Authorities place a checkmark under the Default column of the Internal Certificate Authority you wish to set as default. The system will automatically set the Certificate Authority as the default (Figure 3).

Figure 3

Delete Internal Certificate Authority

Default Internal Certificate Authorities or Internal Certificate Authorities that have been used to issue certificates to Internal or External Recipients cannot be deleted. In those cases you must either set another Internal CA as the default and/or you must first remove the Internal Recipients under Gateway --> Internal Repients and the External Recipients under Encryption --> External Recipient Encryption which will also remove any certificates assigned to those recipients. Please note, you do not have to remove all internal or external recipients, only the recipients that have certificates assigned to them by the Internal Certificate Authority you wish to delete.

If an internal Certificate Authority cannot be deleted, the Delete column of that entry will contain a icon. Otherwise, if it can be deleted, the Delete column of that entry will contain a icon.

Under the Edit/Delete Existing Internal Certificate Authorities click the icon of the Internal Certificate Authority you wish to delete.
On the confirmation page, click on the YES button to delete the Internal CA or click the NO button to cancel.

Figure 4

You will be returned to the Internal Certificate Authority Page

Introduction

Getting Started

Upgrade and Migrate Hermes SEG 18.04 to 20.04

Requirements and Recommendations

OVA/Hyper-V Appliance URL and Default Credentials

Hermes SEG E-mail Flow

Encryption

AD Integration

Admin Authentication

Admin Console Firewall

Network Settings

Console Settings

Mail Queue

System Logs

System Backup

System Certificates

System Restore

System Settings

System Status

System Update

System Users

Email Archive

System Reboot & Shutdown

SMTP TLS Settings

Relay Host

Relay Domains

Relay IPs & Networks

Internal Recipients

Virtual Recipients

Perimeter Checks

RBL Configuration

Network Block/Allow

Sender to Recipient Block/Allow List

Global Sender Block/Allow List

SPF Settings

DKIM Settings

Antivirus Settings

Antivirus Signature Feeds

Antivirus Signature Bypass

Antispam Settings

Custom Antispam Filter Tests

Initialize Pyzor

Initialize Vipul's Razor

Clear Bayes Database

Custom File Extensions

Custom File Expressions

Message Rules

File Rules

SVF Policies

Message History

Internal Certificate Authority

PGP Key Servers

Encryption Settings

Internal Recipients Encryption

External Recipients Encryption

Internal Certificate Authority

Add Internal Certificate Authority

Set Internal Certificate Authority as Default

Delete Internal Certificate Authority