Configure SMIME Security Settings

In addition to SSL encryption, Oracle-managed Service mailboxes and general Service mailboxes support S/MIME, an industry standard for ensuring the security of message content through the use of electronic signatures, encryption, or both.

1. Click Configuration on the navigation pane.
2. Expand Site Configuration, and then double-click Mailboxes.
3. Click the mailbox you want to edit in the tree.
4. Click Security on the ribbon.
5. Enter field information to identify the mailbox’s public certificate/private key file and set certificate import requirements.

   S/MIME Security Settings

   Field	Description
   Mailbox Personal Certificate and Key	Click the Browse icon to find the file containing the public certificate and private key assigned to the mailbox by the certification authority. The file you import should be in a password-protected Personal Information Exchange PKCS#12 format, using a .pfx or .p12 file extension. It must also contain the email address of the mailbox exactly as it was entered for outgoing email. See Edit an Oracle-Managed Service Mailbox. When prompted, enter the original password, this is the password used to encrypt the file. You must also enter the new password, the password the private key is to be encrypted with in the database. Note: The file is not imported until you save all mailbox settings.
   Import Untrusted Certificates	Select this check box to bypass verification that the mailbox certificate file will to be imported (set in the mailbox personal certificate and key field) or a contact certificate extracted from a signed S/MIME email is signed by a trusted certification authority. Changing this setting does not affect previously imported and stored certificates.
   Import Expired or Not Yet Valid Certificates	Select this check box to bypass verification of the certificate date for the mailbox certificate file to be imported (set in the mailbox personal certificate and key field) or a contact certificate extracted from a signed S/MIME email. The Techmail utility will then accept certificates from S/MIME emails sent to this mailbox that have expired or are not yet valid. This setting applies to every certificate in the certificate chain, from the root certificate through any subordinate certificates to the POP3 server’s certificate. Changing this setting does not affect previously imported and stored certificates.
   Do not use S/MIME signature certificates	Select this check box to allow unverified S/MIME signed emails for incident creation and updates. If this check box is selected, certificates from signed emails are not stored with the contact record.
   Ignore certificate integrity sign errors	Select this check box to allow incidents to be created and updated even if an email fails the signature check.

6. Click Save.