Previous     Contents     DocHome     Index     Next     
iPlanet Trustbase Transaction Manager 2.2.1 Installation and Configuration Guide



Chapter 7   SMTP Proxy Configuration


As part of the SMTP Proxy configuration various S/MIME Settings determine how iPlanet Trustbase Transaction Manager will accept mail based requests as well as the format of the responses. For example: Whether messages should be encrypted or not, or how responses should be signed.


S/MIME Settings


The file <install_directory>/Trustbase/TTM/<machine_name>/tbase.properties contains a number of S/MIME settings that are now discussed:
[SmimeServlet]
mail.smtp.host=smtphost.smime.com
mail.from=ttm@smime.com
loopback=false
debug=false
smime.capability.store.impl=com.iplanet.trustbase.security.smime. SimpleSmimeCapabilityStore
smime.mode=SIGN:ENVELOPE
smime.permit.unencrypted=true
smime.signing.cert=TTMEMAIL
smime.encryption.alg=3DES/CBC/PKCS5

  • SMTP server. The hostname of your outgoing mail server.
    mail.smtp.host=smtphost.smime.com

  • Default From address. This should match the email address in the Distinguished Name (DN) of the default signing certificate.
    mail.from=ttm@smime.com

  • Loopback test mode. This setting is for diagnostic purposes and is not normally used.
    loopback=false

  • Debug test mode. This setting is for diagnostic purposes and is not normally used.
    debug=false

  • This setting for internal use by iPlanet Trustbase Transaction Manager and should not normally be changed.
    smime.capability.store.impl=com.iplanet.trustbase.security.smime. SimpleSmimeCapabilityStore

  • The S/MIME mode parameter takes the form:
    MODE ::= [PROT][:PROT]*
    PROT ::= SIGN[,KEY] | CLEAR_SIGN[,KEY] | ENVELOPE[,CIPHER]

  • S/MIME mode parameter. This parameter is concerned with the outgoing response messages. If an email is signed using the SIGN parameter then if the signature does not verify, the message content cannot be read. However if the CLEAR_SIGN parameter is used then even if the signature does not verify, the content can still be read. The ENVELOPE parameter indicates that the outgoing Trustbase response message will be encrypted.
    smime.mode=SIGN:ENVELOPE

  • Allow unencrypted requests. If true, and an ENVELOPE protection has been requested, but there is no key for the recipient, then the message will be sent unencrypted. If false, the message will not be sent.
    smime.permit.unencrypted=true

  • S/MIME purpose attribute. This attribute should be assigned to the certificate that will sign and encrypt outgoing responses. To assign an attribute to a certificate in the iPlanet Trustbase Transaction Manager store see section on "Assigning Attributes to Certificates".
    smime.signing.cert=TTMEMAIL

  • The default encryption algorithm for outgoing S/MIME responses.
    smime.encryption.alg=3DES/CBC/PKCS5


Previous     Contents     DocHome     Index     Next     
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.

Last Updated April 18, 2001