Configuring Signed and Encrypted Emails

To facilitate the decryption of signed and encrypted emails in PeopleSoft, you must configure the existing PeopleSoft pages by adding public certificates, private keys, and private key passphrases to the database.

This example illustrates the fields and controls on the MCF Email Configuration page. You can find definitions for the fields and controls later on this page.

MCF Email Configuration page

| Field or Control | Description |
|---|---|
| Email Address | Enter the email address of the recipient. |
| Configuration Name | Enter the configuration name. For inbound encrypted emails, this is always RECIPIENTPKPASSPHRASE. Private keys that are used with outbound emails are filed under the configuration name SENDERPKPASSPHRASE. |
| Password | Enter the password for encryption. |
| Confirm Password | Confirm the password for encryption. |
| Encrypted Password | Click the Encrypt button to generate the encrypted password. |
| MCF Config Value | Copy and paste the encrypted password. |

To verify and decode signed inbound emails, you must configure the smime_signed_verify algorithm keyset. If an email may be both signed and encrypted, you must configure the smime_signandencrypt_decryptandverify algorithm. For emails that are encrypted but not signed, you must configure the smime_encrypted_decrypt algorithm.

To configure the smime_signed_verify algorithm, add the email sender's public certificate to the corresponding keyset after ensuring that the keyset ID is the email address of the email sender.

To configure the smime_encrypted_decrypt algorithm and the smime_signandencrypt_decryptandverify algorithm:

  1. Add the email sender's public certificate, the email receiver's public certificate, and the email receiver's private key to the corresponding keyset.

    Note: Ensure that the keyset ID for the certificates is the associated email address. For the recipient's private key, prefix the email address with the greater than (>) sign.

    See Understanding PeopleSoft Encryption Technology.

  2. Add the email recipient's private key passphrase to the MCF configuration page.

    For all private keys entered into the keyset algorithms mentioned in this section, you must enter the passphrases for the recipient’s private keys into the MCF Email Configuration page. To access the configuration page for private key passphrases, select PeopleTools > MultiChannel Framework > Email > MCF Email Configuration.
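
The following check is an added example, not Oracle's or PeopleSoft's own code: it tests a planned inbound setup against the keyset ID and configuration name rules described above before anything is entered in the pages. The tuple layout, the function name, and the sample addresses are assumptions made for illustration.

```python
# Added example: offline pre-flight check of a planned inbound S/MIME setup.
# The data layout (sets of tuples) is an assumption made for this sketch; it is
# not a PeopleSoft export format and the code calls no PeopleSoft API.

VERIFY_ALG = "smime_signed_verify"
DECRYPT_ALGS = {"smime_encrypted_decrypt", "smime_signandencrypt_decryptandverify"}


def check_inbound(alg, sender, recipient, keyset, mcf):
    """Return the gaps for one inbound algorithm as a list of strings.

    keyset: set of (keyset_id, kind) pairs for this algorithm's keyset,
            kind being "cert" or "private_key"
    mcf:    set of (email_address, configuration_name) pairs entered on the
            MCF Email Configuration page
    """
    if alg != VERIFY_ALG and alg not in DECRYPT_ALGS:
        raise ValueError(f"not an inbound algorithm covered here: {alg}")
    gaps = []
    if (sender, "cert") not in keyset:
        gaps.append(f"sender certificate missing under keyset ID {sender}")
    if alg == VERIFY_ALG:
        return gaps  # signature verification needs only the sender's certificate
    if (recipient, "cert") not in keyset:
        gaps.append(f"recipient certificate missing under keyset ID {recipient}")
    if (">" + recipient, "private_key") not in keyset:
        if (recipient, "private_key") in keyset:
            gaps.append(f"private key filed under {recipient}; keyset ID must be >{recipient}")
        else:
            gaps.append(f"recipient private key missing under keyset ID >{recipient}")
    if (recipient, "RECIPIENTPKPASSPHRASE") not in mcf:
        gaps.append(f"no RECIPIENTPKPASSPHRASE entry for {recipient} on the MCF page")
    return gaps


# Constructed sample plan: the private key was filed without the ">" prefix and
# the passphrase was filed under the outbound configuration name by mistake.
SENDER, RECIPIENT = "alice@example.com", "hr-inbox@example.com"
KEYSET = {(SENDER, "cert"), (RECIPIENT, "cert"), (RECIPIENT, "private_key")}
MCF = {(RECIPIENT, "SENDERPKPASSPHRASE")}

if __name__ == "__main__":
    for alg in (VERIFY_ALG, *sorted(DECRYPT_ALGS)):
        for gap in check_inbound(alg, SENDER, RECIPIENT, KEYSET, MCF) or ["ok"]:
            print(f"{alg}: {gap}")
```
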

To verify and decode signed outbound emails, you must configure the following parameters in the psappsrv.cfg or psprcs.cfg files, using the SMTP Settings section that already contains outbound email settings:

  • SMTPSMIMEEncryption

  • SMTPSMIMESignature

  • SMTPSMIMEHandling

  • SMTPSMIMEHandling1

  • SMTPSMIMEEncryption1

  • SMTPSMIMESignature1

To configure outbound signed emails:

  1. Configure the smime_signed_sign algorithm.

    See Emails — smime_signed_sign section in Understanding the Supported Algorithms.

  2. Add the email sender's private key passphrase to the MCF configuration page.

    Note: You must not configure the private key passphrase in the keyset.

To configure outbound encrypted emails:

  1. Configure the smime_encrypted_encrypt algorithm.

    See Emails — smime_encrypted_encrypt section in Understanding the Supported Algorithms.

  2. Add the email receiver's private key passphrase to the MCF configuration page.

    Note: You must not configure the private key passphrase in the keyset.

To configure outbound emails that are both signed and encrypted:

  1. Configure the smime_signandencrypt_signandencrypt algorithm.

    See Emails — smime_signandencrypt_signandencrypt section in Understanding the Supported Algorithms.

  2. Add the email sender's private key passphrase to the MCF configuration page.

    Note: You must not configure the private key passphrase in the keyset.