iPlanet Trustbase Transaction Manager 3.0.1 Beta Configuration and Installation
Chapter 6 SMTP Proxy Configuration
As part of the SMTP Proxy configuration, various S/MIME settings determine how iPlanet Trustbase Transaction Manager accepts mail-based requests and how it formats its responses: for example, whether messages should be encrypted, or how responses should be signed.
S/MIME Settings
The file /opt/ittm/myhost/tbase.properties contains a number of S/MIME settings, which are discussed below:
[TbaseSmime]
mail.smtp.host=smtphost.smime.com
smime.capability.store.impl=com.iplanet.trustbase.security.smime.SimpleSmimeCapabilityStore
SMTP server. The hostname of your outgoing mail server.
mail.smtp.host=smtphost.smime.com
Default From address. This should match the email address in the Distinguished Name (DN) of the default signing certificate.
mail.from=ttm@smime.com
Loopback test mode. This setting is for diagnostic purposes and is not normally used.
loopback=false
Debug test mode. This setting is for diagnostic purposes and is not normally used.
debug=false
Connector Test Mode. This setting is for diagnostic purposes and is not normally used.
connector.test=false
This setting is for internal use by iPlanet Trustbase Transaction Manager and should not normally be changed.
smime.capability.store.impl=com.iplanet.trustbase.security.smime.SimpleSmimeCapabilityStore
The S/MIME mode parameter takes the form:
MODE ::= [PROT][:PROT]*
PROT ::= PROT_TYPE[,PROT_PROPERTY=VALUE]
PROT_TYPE ::= SIGN | CLEAR_SIGN | ENVELOPE
PROT_PROPERTY ::= smime.signing.cert | smime.encryption.alg
VALUE ::= string
S/MIME mode parameter. This parameter governs the outgoing response messages. If an email is signed using the SIGN parameter and the signature does not verify, the message content cannot be read. If the CLEAR_SIGN parameter is used, the content can still be read even if the signature does not verify. The ENVELOPE parameter indicates that the outgoing Trustbase response message will be encrypted.
A simple S/MIME mode parameter specifying that a message should be signed and then enveloped. Unless an application specifies the signing key, the key specified in the smime.signing.cert property will be used.
smime.mode=SIGN:ENVELOPE
A more complete S/MIME mode parameter, specifying that messages should be signed with the key with an alias TTMEMAIL, and encrypted using DES.
smime.mode=SIGN,smime.signing.cert=TTMEMAIL:ENVELOPE,smime.encryption.alg=DES
Allow unencrypted requests. If true, and an ENVELOPE protection has been requested, but there is no key for the recipient, then the message will be sent unencrypted. If false, the message will not be sent.
smime.permit.unencrypted=true
S/MIME default signing certificate alias. This alias should be assigned to the certificate that will sign and encrypt outgoing responses. The following TokenKeyTool (see iTTM Javadocs) command adds the alias TTMEMAIL to your Identrus interparticipant signing certificate:
addalias -alias IPSC -newalias TTMEMAIL
The default encryption algorithm for outgoing S/MIME responses.
smime.encryption.alg=3DES/CBC/PKCS5
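The smime.mode grammar and the smime.permit.unencrypted and smime.encryption.alg settings above interact, so a deployment check is worth running before the proxy goes live. The following is an added example, not code from iPlanet Trustbase Transaction Manager: a parser for the MODE grammar plus an audit that reports single DES and the cleartext fallback. The function names, the finding texts, the rule that a per-PROT property overrides the section default, and splitting the algorithm string on "/" are assumptions of this example.

```python
PROT_TYPES = {"SIGN", "CLEAR_SIGN", "ENVELOPE"}
PROT_PROPERTIES = {"smime.signing.cert", "smime.encryption.alg"}


def parse_mode(mode):
    """Parse MODE ::= [PROT][:PROT]* into a list of (type, {property: value})."""
    prots = []
    if not mode.strip():
        return prots                      # the grammar allows an empty MODE
    for prot in mode.strip().split(":"):
        ptype, _, prop = prot.partition(",")
        if ptype not in PROT_TYPES:
            raise ValueError(f"unknown PROT_TYPE {ptype!r}")
        props = {}
        if prop:                          # at most one PROPERTY=VALUE per PROT
            key, sep, value = prop.partition("=")
            if key not in PROT_PROPERTIES or not sep or not value:
                raise ValueError(f"bad PROT_PROPERTY in {prot!r}")
            props[key] = value
        prots.append((ptype, props))
    return prots


def audit(settings):
    """Return a list of findings for a dict of [TbaseSmime] settings."""
    findings = []
    prots = parse_mode(settings.get("smime.mode", ""))
    default_alg = settings.get("smime.encryption.alg", "")
    envelopes = [props for ptype, props in prots if ptype == "ENVELOPE"]
    if not envelopes:
        findings.append("no ENVELOPE: responses are not encrypted")
    for props in envelopes:
        # Assumption: a per-PROT algorithm overrides the section default.
        alg = props.get("smime.encryption.alg", default_alg)
        if alg.split("/")[0].upper() == "DES":
            findings.append("ENVELOPE uses single DES (56-bit key)")
    if envelopes and settings.get("smime.permit.unencrypted", "").lower() == "true":
        findings.append("smime.permit.unencrypted=true: cleartext fallback "
                        "when the recipient has no key")
    if not any(ptype in ("SIGN", "CLEAR_SIGN") for ptype, _ in prots):
        findings.append("no SIGN or CLEAR_SIGN: responses are not signed")
    return findings

# Constructed sample that combines values shown on this page.
SAMPLE = {
    "smime.mode": "SIGN,smime.signing.cert=TTMEMAIL:ENVELOPE,smime.encryption.alg=DES",
    "smime.permit.unencrypted": "true",
    "smime.encryption.alg": "3DES/CBC/PKCS5",
}
```

Calling audit(SAMPLE) returns two findings: the DES override on the ENVELOPE step and the cleartext fallback. Setting smime.permit.unencrypted=false and leaving the 3DES default in place clears both.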
Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.
Last Updated October 31, 2002