The instructions described here apply, whether you came to this page through the regular Web Administration Interface or through the myDME interface. For more information about myDME, see Appendix E: myDME.
In the User section of the S/MIME panel you can see user certificates. The certificates listed here are used by to sign outgoing S/MIME messages, to decrypt incoming encrypted S/MIME messages, and to encrypt outgoing S/MIME messages stored in your Sent folder. The list shows the certificate issuer, the date of expiration, and whether the certificate is valid.
Secure Multipurpose Internet Mail Extensions (S/MIME) provides a secure method of sending e-mail and is incorporated into many popular e-mail applications. S/MIME provides confidentiality and authentication by using the RSA asymmetric key system, digital signatures, and X.509 digital certificates. S/MIME complies with the Public Key Cryptography Standard (PKCS) #7 format and has been proposed as a standard to the Internet Engineering Task Force (IETF).
In other words, the sender of an e-mail can provide a guarantee to the recipient that the e-mail is in fact sent from the sender, and that the content of the e-mail has not been tampered with on the way to the recipient. S/MIME relies on a system of public/private keys and trust authorities.
This is where a user can install his or her private key through the myDME interface, or where the DME administrator installs the private keys on behalf of the DME users. In the following, it is assumed that the user installs the certificate himself or herself.
To install your personal certificate, click the Upload Personal Certificate icon in the tab toolbar. Doing this permits you to upload the P12 or PKCS12 file, which you received from the trust authority (which issued the certificate - see Appendix E: myDME), and which contains your public and private keys. This will open the following pop-up window:
In the upload dialog, you are prompted for the location of the P12 or PKCS12 file. Furthermore, you must complete the following fields:
Owner's user ID
This is your keystore identity (your DME user name (mail name) before the @ sign). Note that in myDME this field is not shown, as you can only upload your own private keys.
Keystore password
This is the password which must be supplied to open the encrypted keystore (PKCS12) file, and which is typically issued to you by the trust authority.
Password for private key
This is the separate password for the private key contained in the PKCS12 file. Only enter this if you know that it is required.
When you click Accept, the public and private keys of the user in question are uploaded and installed in the DME server's keystore. You can now click the user in the table to view the certificate and see the certificate chain (sometimes trust authorities issue certificates based on their trusting other authorities - this is described as a certificate chain).
To use the personal certificate in the DME client, you need to enter the private key password into the Private key password field in the Security page of the Settings menu of your device. If you have entered a password in the Password for private key field, this is what you must enter in the client. Otherwise, enter the Keystore password. Your client can now access your private key on the server.
in the tab toolbar. Doing this permits you to upload the 