When checking the certificate of a public key against a CRL, the S/MIME applet must communicate directly with the Messaging Server.
Do the administrative tasks to configure the Messaging Server for SSL. See 23.5 Configuring Encryption and Certificate-Based Authentication.
Set the sslrootcacertsurl parameter in the smime.conf file to specify the information to locate the root SSL CA certificates. These CA certificates are used to verify the Messaging Server’s SSL certificates when the SSL link is established between the Messaging Server and the S/MIME applet.
Set the checkoverssl parameter in the smime.conf file to 1. This Messaging Server option determines whether SSL is used for the link between the Messaging Server and the S/MIME applet. Regardless of how a Communications Express Mail user specifies the URL for the Messenger Server (HTTP or HTTPS), the link between the Messaging Server and the S/MIME applet is secured with SSL when checkoverssl is set to 1.
A proxy server can be used between the Messaging Server and client applications such as Communications Express Mail. See 24.9.4 Proxy Server and CRL Checking using a proxy server with and without a secured communications link.