Configure CipherMail Gateway

The CipherMail EJBCA connector requires some configuration steps.

To make sure the EJBCA config is loaded at startup, create a symlink to the EJBCA config file:

cd /usr/share/djigzo/conf/spring/spring.d
sudo ln -s ../ejbca-certificate-request-handler.xml

The ejbca-certificate-request-handler.xml file contains EJBCA specific settings which should be modified to match the EJBCA setup.

The following settings should be modified to match the EJBCA setup

  • webServiceURL

  • keyStoreFile

  • keyStorePassword

  • trustStoreFile

  • trustStorePassword

  • CAName

  • endEntityProfileName

  • certificateProfileName

For the reminder of this guide we assume the following:

  • CAName is set to SMIMECA

  • endEntityProfileName is set to SMIME

  • certificateProfileName is set to SMIME

Configure EJBCA

This guide will setup a minimal EJBCA configuration. For a production setup, a more advanced setup might be needed.

Add a new CA

  • Login to EJBCA administration page

  • Open the “Manage Certification Authorities” page (Certification Authorities)

  • Set the “Add CA” field to SMIMECA, then click Create…

  • Set “Validity” to some date in the future. For example “2030-10-20 09:48:14+00:00”

  • Set “CA Serial Number Octet Size” to 4

  • Click Create to create the CA

Add a new Certificate Profile

  • Open the “Manage Certificate Profiles” page (Certificate Profiles)

  • Add a new profile with name SMIME

Add a new End Entity Profile

  • Open the “Manage End Entity Profiles” page (End Entity Profiles)

  • Add a new profile with name SMIME

  • Select the newly added profile and click Edit End Entity Profile

  • Under “Subject DN Attributes”, select “emailAddress, E-mail address in DN” for the “Subject DN Attributes” field and click Add

  • Under “Other subject attributes”, select “RFC 822 name (e-mail address)” for the “Subject Alternative Name” field and click Add

  • In the field “Default Certificate Profile”, select SMIME

  • In the field “Available Certificate Profiles”, select SMIME

  • In the field “Default CA”, select SMIMECA

  • In the field “Available CAs”, select SMIMECA

  • Click Save


You should now be able to request certificates from EJBCA using the EJBCA certificate request handler:

  • Login to CipherMail gateway

  • Open the “Create new end-user certificate” page (S/MIME ‣ Certificate Authority

  • Under the field “Request handler”, select “EJBCA”

  • Select an email address

  • Click Request certificate