Skip to Content
Author's profile photo Former Member

S/MIME Security for the MAIL-Adapter within XI

The aim to perform S/MIME, Signed Data and Enveloped Data is to ensure that the Message (Data) is not changed and / or transferred confidential. The following security profiles are available:   –     Signing the MAIL-Body         Verification of the applied signature  –     Encrypt the MAIL-Body         Decrypt the MAIL-Body  –     Signing the MAIL-Body then encrypt the SOAP-Body         Decrypt the MAIL-Body then verify the applied signature  Configuration Check if the keys and the certificates required for applying the above mentioned security profiles are available.  You can check for the same in the “Key storage” service present in the visual admin. image Check the expiry date for the keys and certificates. image If the required keys and certificates are not available do import the same.  Assign Security Roles Use the J2EE Visual Administrator to assign security roles as follows: a.     Select the service Security Provider on the corresponding server. b.     Under Policy Configuration select the component*wssprocess.jar c.     Assign the security role WSSecurityProcessing to the user you specified in the above maintained RFC destination for logging on to the Integration Server image If the private key and public root certificate of any keystore view are not contained in the TrustedCAs or DEFAULT view, assign the security role KeystoreAdministrator of this keystore view component to the user you specified in the above maintained RFC destination for logging on to the Integration Server  Please ensure the Sender and Receiver Agreements have the correct configurations of the Keystores  a. Receiver Agreement Configurationimage b. Sender Agreement Configurationimage Import of Certificates to the Operating System . ( While accessing Microsoft Outlook, these keys are referenced. )   1) Open the Internet Explorer Browser . 2)Go to the Menu Option Tools -> Internet Options . Select the content tab and select the Certificates button and import all the certificates and private keys which are present on your local system. As  mentioned in the screenshot.  image Now after running through the scenario you will find a cryptographic mail in the outlook.  Check the audit log for the sender and the receiver channel to check if SMIME is applied successfully.  Receiver channel image Sender channel image

Assigned Tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo Martin Summerer
      Martin Summerer

      Nice wiki! but it still leaves some questions open for me.

      Why does the popup in the Sender agreement does not show all certificates available in the KEyStore?

      What I have done is:
      I aplliaed for a certificate on for testreasons  and installed the pk8 file on the keystore as well as the root certificate in a new KeyStore View.

      In the popup of the Sender agreement I see only the rootcertificate of cacert, but not my personal one.

      Do you have an idea?

      kr MArtin