iPlanet Trustbase Transaction Manager 3.0.1 Beta Configuration and Installation



Chapter 6   SMTP Proxy Configuration


As part of the SMTP Proxy configuration, various S/MIME settings determine how iPlanet Trustbase Transaction Manager accepts mail-based requests and how it formats its responses: for example, whether messages should be encrypted and how responses should be signed.


S/MIME Settings



The file /opt/ittm/myhost/tbase.properties contains the following S/MIME settings, each of which is discussed below:

[TbaseSmime]

mail.smtp.host=smtphost.smime.com

mail.from=ttm@smime.com

loopback=false

debug=false

connector.test=false

smime.capability.store.impl=com.iplanet.trustbase.security.smime.SimpleSmimeCapabilityStore

smime.mode=SIGN:ENVELOPE

smime.permit.unencrypted=true

smime.signing.cert=TTMEMAIL

smime.encryption.alg=3DES/CBC/PKCS5


  • SMTP server. The hostname of your outgoing mail server.

    mail.smtp.host=smtphost.smime.com

  • Default From address. This should match the email address in the Distinguished Name (DN) of the default signing certificate.

    mail.from=ttm@smime.com

  • Loopback test mode. This setting is for diagnostic purposes and is not normally used.

    loopback=false


  • Debug test mode. This setting is for diagnostic purposes and is not normally used.

    debug=false

  • Connector Test Mode. This setting is for diagnostic purposes and is not normally used.

    connector.test=false

  • S/MIME capability store implementation. This setting is for internal use by iPlanet Trustbase Transaction Manager and should not normally be changed.

    smime.capability.store.impl=com.iplanet.trustbase.security.smime.SimpleSmimeCapabilityStore

  • The S/MIME mode parameter takes the form:

    MODE ::= [PROT][:PROT]*
    PROT ::= PROT_TYPE[,PROT_PROPERTY=VALUE]
    PROT_TYPE ::= SIGN | CLEAR_SIGN | ENVELOPE
    PROT_PROPERTY ::= smime.signing.cert | smime.encryption.alg
    VALUE ::= string

  • S/MIME mode parameter. This parameter governs the outgoing response messages. If an email is signed using the SIGN parameter and the signature does not verify, the message content cannot be read. If the CLEAR_SIGN parameter is used, the content can still be read even if the signature does not verify. The ENVELOPE parameter indicates that the outgoing Trustbase response message will be encrypted.

  • A simple S/MIME mode parameter specifying that a message should be signed and then enveloped. Unless an application specifies the signing key, the key specified in the smime.signing.cert property will be used.

    smime.mode=SIGN:ENVELOPE

  • A more complete S/MIME mode parameter, specifying that messages should be signed with the key whose alias is TTMEMAIL and encrypted using DES.

    smime.mode=SIGN,smime.signing.cert=TTMEMAIL:ENVELOPE,smime.encryption.alg=DES

  • Allow unencrypted requests. If true, and an ENVELOPE protection has been requested, but there is no key for the recipient, then the message will be sent unencrypted. If false, the message will not be sent.

    smime.permit.unencrypted=true

  • S/MIME default signing certificate alias. This alias should be assigned to the certificate that will sign and encrypt outgoing responses. The following TokenKeyTool (see iTTM Javadocs) commands will add the alias TTMEMAIL to your Identrus interparticipant signing certificate:

    cd /opt/ittm/Scripts

    ./runtokenkeytool

    addalias -alias IPSC -newalias TTMEMAIL

    tbase.properties can then be amended as follows:

    smime.signing.cert=TTMEMAIL

  • The default encryption algorithm for outgoing S/MIME responses.

    smime.encryption.alg=3DES/CBC/PKCS5
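
An added example (not part of the original iPlanet documentation or product code): a Python check that parses the smime.mode grammar above and reports [TbaseSmime] settings that weaken protection of outgoing responses. The sample file contents are constructed, absent keys are assumed to mean false, and treating single DES as a finding is this example's judgment rather than the manual's.

```python
import configparser

# Constructed sample of a [TbaseSmime] section, using only keys shown on this page.
SAMPLE = """\
[TbaseSmime]
loopback=false
debug=true
connector.test=false
smime.mode=SIGN,smime.signing.cert=TTMEMAIL:ENVELOPE,smime.encryption.alg=DES
smime.permit.unencrypted=true
smime.encryption.alg=3DES/CBC/PKCS5
"""
PROT_TYPES = {"SIGN", "CLEAR_SIGN", "ENVELOPE"}
PROT_PROPS = {"smime.signing.cert", "smime.encryption.alg"}

def parse_mode(mode):
    """Parse MODE ::= [PROT][:PROT]* into [(PROT_TYPE, {property: value})]."""
    prots = []
    for prot in filter(None, mode.split(":")):
        ptype, *pairs = [part.strip() for part in prot.split(",")]
        if ptype not in PROT_TYPES:
            raise ValueError(f"unknown PROT_TYPE: {ptype!r}")
        props = {}
        for pair in pairs:
            key, sep, value = pair.partition("=")
            if not sep or key not in PROT_PROPS:
                raise ValueError(f"bad PROT_PROPERTY: {pair!r}")
            props[key] = value
        prots.append((ptype, props))
    return prots

def is_on(section, key):
    # Assumption: a key that is absent behaves as "false".
    return section.get(key, "false").strip().lower() == "true"

def audit(text):
    """Return findings for settings that weaken outgoing S/MIME protection."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.read_string(text)
    s = cp["TbaseSmime"]
    findings = [f"{k}=true: diagnostic mode is enabled"
                for k in ("loopback", "debug", "connector.test") if is_on(s, k)]
    envelopes = [p for t, p in parse_mode(s.get("smime.mode", "")) if t == "ENVELOPE"]
    if envelopes and is_on(s, "smime.permit.unencrypted"):
        findings.append("smime.permit.unencrypted=true: ENVELOPE is sent "
                        "unencrypted when there is no key for the recipient")
    for props in envelopes:  # a per-PROT algorithm overrides the section default
        alg = props.get("smime.encryption.alg", s.get("smime.encryption.alg", ""))
        if alg.split("/")[0].upper() == "DES":
            findings.append(f"ENVELOPE uses single DES ({alg})")
    return findings
```

Calling audit() on the text of tbase.properties returns one line per finding; an empty list means none of these checks fired.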


Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2001 Netscape Communications Corp. All rights reserved.

Last Updated October 31, 2002