How does the SecureMail Gateway work with other S/MIME encryption solutions?

In this article, we explain how GlobalCerts' email encryption solutions can automatically encrypt emails via S/MIME to 3rd parties that have an email certificate. We also show how 3rd parties can encrypt emails to your users via S/MIME, even though they do not use GlobalCerts.

Certificate Harvesting

The SecureMail Gateway is configured to automatically detect any digitally signed emails coming into your organization, and pull out or 'harvest' the sender's public certificate. This is useful because if the sender signed the email with a trusted and unexpired X.509 certificate, the SMG can extract it and then use it to automatically encrypt outbound emails to that sender via S/MIME. This way, the recipient receives the encrypted message directly in their inbox, rather than needing to use the SecureMessenger web portal to authenticate and read the message.

All harvested certificates are listed in the SMG's web administration under the 'Certificates' -> 'User Trust' menu sub-item. This page displays a list of all harvested user certificates and their status (trusted, untrusted, rejected). If the harvested certificate is signed by a trusted Certificate Authority that exists in our system, then the certificate is automatically trusted. Otherwise, you can explicitly trust a certificate, even a self-signed one, by clicking on the checkbox next to it and clicking 'Trust' at the bottom.
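
The harvest-and-classify flow described in this section, reproduced with the openssl command line as an added example (not GlobalCerts code, and not a description of how the SMG is implemented internally). The function names, the `unusable` label and the constructed sample sender are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: harvest the signer certificate from a signed S/MIME message
# and decide whether it could be trusted automatically.

# make_sample DIR: construct throwaway test data (a self-signed sender
# certificate and a message signed with it). All names are made up.
make_sample() {
  local d="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Sample Sender/emailAddress=sender@example.test" \
    -keyout "$d/sender.key" -out "$d/sender.crt" 2>/dev/null
  printf 'Constructed test message\n' > "$d/body.txt"
  openssl smime -sign -in "$d/body.txt" -signer "$d/sender.crt" \
    -inkey "$d/sender.key" -out "$d/signed.eml" 2>/dev/null
}

# harvest_cert SIGNED_MSG TRUSTED_CA_BUNDLE OUT_PEM
# Prints one of: trusted | untrusted | unusable
harvest_cert() {
  local msg="$1" ca="$2" out="$3"
  # Check the signature over the message content and write the signer
  # certificate to $out. -noverify skips chain validation at this step;
  # trust is decided separately below.
  openssl smime -verify -noverify -in "$msg" -signer "$out" \
    -out /dev/null 2>/dev/null || { echo unusable; return 0; }
  # An expired certificate must not be used for outbound encryption.
  openssl x509 -in "$out" -noout -checkend 0 >/dev/null 2>&1 \
    || { echo unusable; return 0; }
  # Chains to a CA in the trust store: trust automatically. Otherwise the
  # certificate waits for an administrator to trust it explicitly.
  if openssl verify -CAfile "$ca" "$out" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}
```

A self-signed sender certificate comes back as `untrusted` until that same certificate is placed in the trust bundle, which mirrors the explicit 'Trust' action described above.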

Allowing Other Encryption Solutions To Send You Encrypted Emails

Similarly, 3rd party email users with S/MIME encryption capabilities can use GlobalCerts users' public certificates to send encrypted messages. First, the SMG user must send a digitally signed email to the other party. This can easily be accomplished by tagging the message with [sign] in the subject line, including the brackets. The SMG will then automatically intercept the message and digitally sign it with the user's private key, and also attach the public certificate(s) to the email. This signature is included as a standard PKCS attachment called 'smime.p7s'.

On the recipient's side, their email gateway or email client can then view the signature, pull out the public certificate, and import it into their certificate store for later use when sending S/MIME encrypted emails back to you. The SecureMail Gateway will then automatically detect the encrypted email, use the user's private key for decryption, and send it directly to the user's inbox.

Note: The GlobalCerts signatures will NOT be implicitly trusted by 3rd parties because the GlobalCerts root CA is not implicitly trusted. In order to remove any warnings, the other user may wish to import the intermediate and GlobalCerts root CA (also attached in the signature) and explicitly trust them.
