Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
Vasya Pupkin2020-01-21 23:10:39
System administration
Vasya Pupkin, 2020-01-21 23:10:39

Is it possible to somehow sign the outgoing wildcard mail with a certificate?

There is a domain, there is a certification authority, usb tokens were bought so that users go not by password, but by key. Set up, scattered user certificates (created in the center) via USB. Everyone logs in - everything works.
It is also possible to sign mail with the same certificate, only this is a local certificate and it will normally work only inside the domain, if you send a signed message to an external device, the client will mark it as spam because you cannot check the certificate, because. it is issued by the local center.
The most obvious option is, of course, to order a bunch of personalized certificates that will correspond to employees' mail, but then what's the point in a local center. If there are 200 users, then you will have to buy 200 certificates.
Is there some kind of wild-card option? I bought a certificate for a domain and just created the rest based on it?
How else can this be implemented?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
C
CityCat4, 2020-01-22
@Desert-Eagle

Is there some kind of wild-card option?

No.
For three reasons.
1. The certificate for the domain may not have the required EKU (Extended Key Usage). EKU TLS Web Server Authentication is usually used for server identity, and EKU E-Mail Protection is needed for signing / encrypting mail - and not at all the fact that CA will write it in the certificate, most likely nothing.
2. An email client will not be able to use a certificate in which the emailAddress in the Subject field does not match the soap you are trying to configure - it will stupidly not recognize it (Outlook will not find it, it will do nonsense, TB will ignore)
3. Commercial CAs are also well aware that everyone needs a personal certificate to protect mail, and that is why they sell them individually :) capacity you issue certificates. For money, of course.

Report
V
Vladimir Zhurkin, 2020-01-21
@icCE

Can. This is called s/mime for emails.
Those who don't understand the s/mime format will just get an extra file.
https://sectigo.com/enterprise/sectigo-certificate...
and yes, s/mime is better done for each individual.
You don’t have to pay for additional certificates (although someone likes it)

Similar questions
S
Sylar Gray2014-07-02 22:49:16
How to search for similar records in mysql by possible similarity of 3 fields? 5Reply
I
Igor Arkhipov2020-07-15 16:21:24
How to choose a server for a project on 1C-Bitrix? 3Reply
T
Tpy6okyp2016-03-08 02:01:47
Long question on OS organization with virtualization. Recommend a solution? 3Reply
I
Ilya bow2020-07-17 17:46:00
Is there a browser in which you can not see the saved password? Or how to make sure that the password could not be stolen? 7Reply
D
DimiDr0lik2018-07-30 15:56:12
How to find out the ip address of the client when authorizing in the domain? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question