Internal Certificate Authority An Internal Certificate Authority can be used to create certificates for internal and external recipients for the purposes of S/MIME encryption and message signing. The certificate generated by the internal CA are not trusted, therefore you must instruct the external recipients of your messages to trust your Internal CA in their clients. Alternatively, instead of using certificates generated by the internal CA, you can import certificates from a trusted 3rd party Certificate Authority for both internal and external recipients. Add Internal Certificate Authority Under the  Certificate Authority Common Name  field, enter the name you wish to assign to the internal CA. Under the  Certificate Authority Certificate Validity in Years  field, select the length of time you wish the Certificate Authority to remain valid. We recommend you leave this setting at the default 5 years. Under the  Certificate Authority Certificate Key Length  select the key length you wish to use. We recommend you leave this setting at the default 4096-bits. Under the  Organization/Company Name  enter the name of your organization. Under the Organization Unit field enter the name of your organization unit. Under the  Organization State/Province  field enter the name of of the organization state/province Under the  Organization Country Code  field enter the two letter code for your organization country. Example, for United States simply enter  US . Click the checkbox under the  Make Default  field, if you wish to make this Certficate Authority the defalt CA. By default, the first CA that gets created becomes the default CA. Click the  Save Settings  button ( Figure 1 ). Figure 1 Each Internal Certificate Authority you add shows up in the  Edit/Delete Existing Internal Certificate Authorities  section ( Figure 2 ). Figure 2 Continue adding Internal Certificate Authorities as needed. Set Internal Certificate Authority as Default Under the  Edit/Delete Existing Internal Certificate Authorities  place a checkmark under the Default column of the Internal Certificate Authority you wish to set as default. The system will automatically set the Certificate Authority as the default ( Figure 3 ). Figure 3 Delete Internal Certificate Authority Default Internal Certificate Authorities or Internal Certificate Authorities that have been used to issue certificates to Internal or External Recipients cannot be deleted. In those cases you must either set another Internal CA as the default and/or you must first remove the Internal Recipients under  Gateway --> Internal Repients  and the External Recipients under  Encryption --> External Recipient Encryption  which will also remove any certificates assigned to those recipients. Please note, you do not have to remove all internal or external recipients, only the recipients that have certificates assigned to them by the Internal Certificate Authority you wish to delete. If an internal Certificate Authority cannot be deleted, the Delete column of that entry will contain a  icon. Otherwise, if it can be deleted, the Delete column of that entry will contain a  icon. Under the  Edit/Delete Existing Internal Certificate Authorities  click the icon of the Internal Certificate Authority you wish to delete. On the confirmation page, click on the  YES  button to delete the Internal CA or click the  NO  button to cancel. Figure 4 You will be returned to the  Internal Certificate Authority  Page