Communications Express Mail now includes the security advantages of Secure/Multipurpose Internet Mail Extensions (S/MIME). Communications Express Mail users who are set up to use S/MIME can exchange signed or encrypted messages with other Communications Express Mail users, and with users of the Microsoft Outlook mail system or other mail clients that support S/MIME.
The signature and encryption features of S/MIME are available to a Communications Express Mail user only after:
A private-public key pair is issued with a certificate in standard X.509 format. The certificate assures other mail users that the keys really belong to the person who uses them. Keys and their certificate are issued from within your organization or purchased from a third-party vendor. Regardless of how the keys and certificate are issued, the issuing organization is referred to as a certificate authority (CA).
The private-public key pair, with its certificate, is properly stored electronically in a local key store or distributed to end users on common access cards (CACs), referred to as smart cards.
All public keys and certificates are stored in an LDAP directory, accessible by Directory Server. This is referred to as publishing the public keys to make them available to other mail users who are creating S/MIME messages.
Card reading devices are properly installed on the client machines when private-public key pairs and their certificates are stored on smart cards.
All the necessary platform software is installed on the client machines where Communications Express Mail is accessed.
All the necessary Sun Microsystems software is installed and configured for S/MIME.
The Communications Express Mail user is set up to use the Sun Microsystems mail system. This includes giving the user permission to use the S/MIME features.
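What the publishing step in the list above can look like in practice, as an added example that is not part of the original documentation or of Sun's software: it converts a PEM certificate to DER, rejects a truncated file, and builds an LDIF change record for the user's directory entry. The `userCertificate;binary` attribute (the standard LDAP certificate attribute), the DN and the sample certificate body are assumptions; the sample is constructed and is not a real certificate.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)
# Constructed placeholder: a DER SEQUENCE header plus 128 zero bytes, NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x81, 0x80]) + bytes(128)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode("ascii")
              + "-----END CERTIFICATE-----\n")

def pem_to_der(pem_text):
    # Return the DER bytes of the first CERTIFICATE block in the PEM text.
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)

def der_is_complete(der):
    # True when the outer SEQUENCE length equals the data present (catches truncation).
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        return len(der) == 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        return False
    return len(der) == 2 + n + int.from_bytes(der[2:2 + n], "big")

def fold(line, width=76):
    # Fold a long LDIF line; each continuation line starts with one space.
    parts, rest = [line[:width]], line[width:]
    while rest:
        parts.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(parts)

def publish_ldif(dn, pem_text):
    # Build an LDIF change record adding the certificate to the entry (ASCII DN assumed).
    der = pem_to_der(pem_text)
    if not der_is_complete(der):
        raise ValueError("certificate DER is truncated or malformed")
    value = base64.b64encode(der).decode("ascii")
    return "\n".join([
        fold("dn: " + dn), "changetype: modify",
        "add: userCertificate;binary",   # assumed attribute, see lead-in
        fold("userCertificate;binary:: " + value), "-"]) + "\n"

if __name__ == "__main__":
    # Hypothetical DN for illustration.
    print(publish_ldif("uid=jdoe,ou=People,dc=example,dc=com", SAMPLE_PEM), end="")
```

Use the attribute that your deployment is configured to search for certificates if it differs from the one assumed here.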
Before you deploy your mail system for S/MIME, be sure you are familiar with these concepts:
Basic administrative procedures of your platform
Structure and use of an LDAP directory
Addition or modification of entries in an LDAP directory
Configuration process for Sun Java System Directory Server
Concepts and purpose of the following:
Secure Socket Layer (SSL) for a secured communications line
Digitally signed email messages
Encrypted email messages
Local key store of a browser
Smart cards and the software and hardware to use them
Private-public key pairs and their certificates
Certificate authorities (CA)
Verifying keys and their certificates
Certificate revocation list (CRL)