StreamServe Persuasion SP5 Encryption and Authentication



Similar documents
StreamServe Persuasion SP4 Encryption and Authentication

StreamServe Encryption and Authentication

StreamServe . User Guide SP2 Rev A

StreamServe Persuasion SP4 Service Broker

StreamServe Persuasion SP5 Control Center

StreamServe Job Gateway

StreamServe Persuasion SP4 StreamServe Connect for SAP - Business Processes

StreamServe Persuasion SP5 Document Broker Plus

StreamServe Persuasion SP4 Connectors

StreamServe Persuasion SP5 Upgrading instructions

StreamServe Persuasion SP4

ECA IIS Instructions. January 2005

WS_FTP Pro. Addendum to User s Guide. Software Version 6.6. Ipswitch, Inc.

Using etoken for Securing s Using Outlook and Outlook Express

Djigzo S/MIME setup guide

Prerequisite. Getting Started. Signing and Encryption using Microsoft outlook 2007

Prerequisite. Getting Started. Signing and Encryption using Microsoft outlook 2010

StreamServe Persuasion SP5 StreamStudio

Setting Up SSL on IIS6 for MEGA Advisor

MadCap Software. Upgrading Guide. Pulse

Configure Managed File Transfer Endpoints

StoneGate SSL VPN Technical Note Adding Bundled Certificates

Jobs Guide Identity Manager February 10, 2012

Outlook Express. Make Changes in Red: Open up Outlook Express. From the Menu Bar. Tools to Accounts - Click on Mail Tab.

RoomWizard Synchronization Software Manual Installation Instructions

NSi Mobile Installation Guide. Version 6.2

CHAPTER 7 SSL CONFIGURATION AND TESTING

PUBLIC Connecting a Customer System to SAP HCI

Secure Part II Due Date: Sept 27 Points: 25 Points

Configuring the NetBackup 7.7 Cloud Connector for use with StorReduce

Generating and Installing SSL Certificates on the Cisco ISA500

Clearswift Information Governance

Management Reporter Integration Guide for Microsoft Dynamics GP

Installing and Configuring vcenter Multi-Hypervisor Manager

White Paper. Installation and Configuration of Fabasoft Folio IMAP Service. Fabasoft Folio 2015 Update Rollup 3

Administration Guide Certificate Server May 2013

Server Installation Guide ZENworks Patch Management 6.4 SP2

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

Integrated SSL Scanning

How to Secure a Groove Manager Web Site

How to Install Microsoft Mobile Information Server 2002 Server ActiveSync. Joey Masterson

Set Up Setup with Microsoft Outlook 2007 using POP3

Adding Digital Signature and Encryption in Outlook

CA NetQoS Performance Center

Basic Exchange Setup Guide

ing from The E2 Shop System address Server Name Server Port, Encryption Protocol, Encryption Type, SMTP User ID SMTP Password

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

Customer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background

Outlook Express. Make Changes in Red: Open up Outlook Express. From the Menu Bar. Tools to Accounts - Click on. User Information

Ciphermail Gateway PDF Encryption Setup Guide

CA Unified Infrastructure Management Server

CONFIGURATION AND SETUP USER GUIDE AND REFERENCE MANUAL

Installation Guide. SafeNet Authentication Service

Setup Guide Access Manager Appliance 3.2 SP3

Outlook Express. Make Changes in Red: Open up Outlook Express. From the Menu Bar. Tools to Accounts - Click on Mail Tab.

Bank of Hawaii Protecting Confidential

Personal Secure Certificate

StarWind iscsi SAN Software: Challenge-Handshake Authentication Protocol (CHAP) for Authentication of Users

To configure Outlook Express for your InfoMetrics address:

Management Reporter Integration Guide for Microsoft Dynamics AX

Novell Identity Manager

etoken Enterprise For: SSL SSL with etoken

How-To Guide SAP NetWeaver Document Version: How To Guide - Configure SSL in ABAP System

Integrated SSL Scanning

SafeGuard Enterprise Web Helpdesk. Product version: 6 Document date: February 2012

Basic Exchange Setup Guide

Scenarios for Setting Up SSL Certificates for View

AD RMS Microsoft Federation Gateway Support Installation and Configuration Guide... 3 About this guide... 3

Veritas Cluster Server Database Agent for Microsoft SQL Configuration Guide

1. Open the preferences screen by opening the Mail menu and selecting Preferences...

How to request a certificate

Microsoft Dynamics GP. Workflow Installation Guide Release 10.0

Password Management Guide

Sophos Mobile Control Installation guide. Product version: 3.5

How to Configure a Secure Connection to Microsoft SQL Server

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.

SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE)

Using TLS Encryption with Microsoft Outlook 2007

WatchDox SharePoint Beta Guide. Application Version 1.0.0

User Guide. MailMarshal Secure 5.5. August 2006

StreamServe Persuasion SP5 Ad Hoc Correspondence and Correspondence Reviewer

RSA Security Analytics

JPMorgan Chase Treasury Workstation. Certification Setup Guide Version 2.0

Outlook Web Access Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate

SolarWinds Technical Reference

SMART Vantage. Installation guide

DocuShare Agent User Guide

Sophos Mobile Control Installation guide. Product version: 3

POP3 Connector for Exchange - Configuration

Instructions for Microsoft Outlook 2003

Internet Script Editor (ISE)

Sophos Mobile Control Installation guide. Product version: 3.6

Configuring Digital Certificates

How To Install A Citrix Netscaler On A Pc Or Mac Or Ipad (For A Web Browser) With A Certificate Certificate (For An Ipad) On A Netscaler (For Windows) With An Ipro (For

HELP DOCUMENTATION SSRPM WEB INTERFACE GUIDE

Ciphermail for Android Quick Start Guide

Junio SSL WebLogic Oracle. Guía de Instalación. Junio, SSL WebLogic Oracle Guía de Instalación CONFIDENCIAL Página 1 de 19


Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Gateway

Setup Guide Access Manager 3.2 SP3

Transcription:

StreamServe Persuasion SP5 Encryption and Authentication User Guide Rev A

StreamServe Persuasion SP5 Encryption and Authentication User Guide Rev A 2001-2010 STREAMSERVE, INC. ALL RIGHTS RESERVED United States patent #7,127,520 No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of StreamServe, Inc. Information in this document is subject to change without notice. StreamServe Inc. assumes no responsibility or liability for any errors or inaccuracies that may appear in this book. All registered names, product names and trademarks of other companies mentioned in this documentation are used for identification purposes only and are acknowledged as property of the respective company. Companies, names and data used in examples in this document are fictitious unless otherwise noted. StreamServe, Inc. offers no guarantees and assumes no responsibility or liability of any type with respect to third party products and services, including any liability resulting from incompatibility between the third party products and services and the products and services offered by StreamServe, Inc. By using StreamServe and the third party products mentioned in this document, you agree that you will not hold StreamServe, Inc. responsible or liable with respect to the third party products and services or seek to do so. The trademarks, logos, and service marks in this document are the property of StreamServe, Inc. or other third parties. You are not permitted to use the marks without the prior written consent of StreamServe, Inc. or the third party that owns the marks. Use of the StreamServe product with third party products not mentioned in this document is entirely at your own risk, also as regards the StreamServe products. StreamServe Web Site

3 Contents About encryption and authentication...5 Digital certificates...6 Security configurations...7 Entropy...8 Trust Server administration...9...11 Trust Server security configurations...12 Security configuration for an SSL server... 12 Security configuration for an SSL client... 13 Security configuration for signing emails... 13 Security configuration for rejecting emails from non-trusted addresses... 14 Security configuration for encrypting emails... 14 Security configuration for receiving encrypted emails... 15 Trust Server scenarios...16 SSL server and SSL client... 16 Encrypted emails... 17 Signed emails... 18 Encrypted and signed emails... 20 Legacy security configurations...22 Security configuration for an SSL server (with client authentication)... 22 Security configuration for an SSL server (without client authentication)... 23 Security configuration for an SSL client (with client authentication)... 24 Security configuration for an SSL client (without client authentication)... 25 Security configuration for signing emails... 25 Security configuration for rejecting emails from non-trusted addresses... 26 Security configuration for encrypting emails... 26 Security configuration for receiving encrypted emails... 27 Legacy scenarios...28 SSL server and SSL client with client authentication... 28 SSL server and SSL client without client authentication... 29 Encrypted emails... 30 Signed emails... 31 Signed and encrypted emails... 32 Security configuration GUI reference...34 Trust Server settings... 34 Legacy settings... 35

4

5 About encryption and authentication A StreamServer application can be configured as an SSL server or SSL client that communicates over an encrypted HTTPS channel. Authentication An SSL server must always authenticate itself to all SSL clients, and the SSL client must authenticate itself to the SSL server if the SSL server requires client authentication. S/MIME Encryption and authentication can also be applied to data sent via email, where the StreamServer application uses S/MIME to sign and encrypt/decrypt emails.

6 Digital certificates About encryption and authentication Digital certificates SSL servers and clients use digital certificates for encryption and authentication. A digital certificate is used to verify that a user sending a message is who he claims to be, and to provide the receiver with the means to encode a reply. Certificate Authority A Certificate Authority (CA) is a trusted third-party organization or company that issues digital certificates. Certificate chain A certificate chain is a tree structure of certificates. The validity of a certificate in a certificate chain is verified by the certificate one level up in the tree. The root node in the tree is the self signed root CA certificate. Before the StreamServer can trust a certificate provided by an SSL server or client, it must verify the complete certificate chain up to the root CA certificate. To be able to do this, it must have access to all certificates in the certificate chain. Certificate chain example In this example, a three level deep certificate chain consists of the following certificates: Root CA certificate (level 1). Intermediate CA certificate (level 2). Subject certificate (level 3). The level 1 and 2 certificates are available to the SSL client in this example, and the level 3 certificate is sent by the SSL server to the SSL client. 1 The SSL client sends a request to an SSL server that returns the level 3 certificate. 2 The SSL client uses the public key embedded i the level 2 certificate to verify the signature of the level 3 certificate, and to verify that the level 3 certificate has not been revoked. 3 If the level 3 certificate is OK, the SSL client uses the public key embedded i the level 1 certificate to verify the signature of the level 2 certificate, and to verify that the level 2 certificate has not been revoked. 4 If the level 2 certificate is OK, the SSL client verifies the self signed level 1 certificate. It uses the public key embedded i the level 1 certificate to verify the signature of the level 1 certificate, and to verify that the level 1 certificate has not been revoked. 5 If all tests are OK, the complete certificate chain can be trusted, and the identity and integrity of the level 3 certificate is verified.

Security configurations 7 About encryption and authentication Security configurations In Design Center, digital certificates are managed using a specific resource type called security configuration. There are two types of security configurations: Trust Server all certificate information is retrieved from an XKMS (XML Key Management Specification) compliant Trust Server. Only the certificate chain that verifies the identity of the Trust Server is stored locally. See Trust Server security configurations on page 12. Legacy all certificate and private key data is stored locally. See Legacy security configurations on page 22.

8 Entropy About encryption and authentication Entropy When running on a Windows platform, the StreamServer uses a default entropy source to generate randomness for SSL. When running on a UNIX platform, the StreamServer searches for the entropy using the following sources: /dev/random /var/run/egd-pool /dev/egd-pool /etc/egd-pool /etc/entropy /dev/urandom The StreamServer only uses the first source found in the list, starting at the top. You must make sure that the appropriate entropy source is available. Note: If no source is found in the list above, the StreamServer will use an entropy source of low quality.

Trust Server administration 9 About encryption and authentication Trust Server administration The Trust Server is installed separately. For information on how to administer the Trust Server, see the documentation included in the Trust Server installation.

10 Trust Server administration About encryption and authentication

11 You can create security configurations for different purposes. For example, if the StreamServer is both an SSL server (specified using an HTTPS input connector) and an SSL client (specified using an HTTPS Submit output connector or HTTPS Poll input connector), you can create one security configuration for the server and another for the client. Then you connect the server security configuration to the HTTPS input connector, and the client security configuration to the HTTPS Submit output connector. Note: You should be experienced in the area of SSL and S/MIME to be able to create security configurations.

12 Trust Server security configurations Trust Server security configurations If the StreamServer and all involved parties (SSL server/client and email sender/ receiver) are registered in a Trust Server, you can use Trust Server security configurations. In this case all certificate information is retrieved from the Trust Server, and only the certificates that verify the identity of the Trust Server are stored locally. Prerequisites The certificates that verify the identity of the Trust Server are added to the same resource set as the security configuration. The certificates for all involved parties (SSL server/client and email sender/ receiver) are registered in the Trust Server. To create a Trust Server security configuration 1 In a resource set, create a new Security Configuration resource. 2 Give the security configuration a unique name. 3 Open the security configuration and select the type Trust Server. 4 On the Certificates tab, add all the certificate resources to include in the certificate chain used to verify the identity of the Trust Server. 5 On the Trust Server tab, enter the Trust Server URL, and the User name and Password to access the Trust Server. Depending on the purpose of the security configuration, you must also configure a number of additional parameters: Security configuration for an SSL server on page 12 Security configuration for an SSL client on page 13 Security configuration for signing emails on page 13 Security configuration for rejecting emails from non-trusted addresses on page 14 Security configuration for encrypting emails on page 14 Security configuration for receiving encrypted emails on page 15 Security configuration for an SSL server You can run the StreamServer as an SSL server that communicates with one or more SSL clients. To achieve this, you must create a security configuration and an HTTPS input connector, and connect the security configuration to the HTTPS input connector. To create a security configuration 1 Create a new security configuration. See To create a Trust Server security configuration on page 12.

Trust Server security configurations 13 2 On the HTTP tab, enter the Key name and Passphrase to access the StreamServer private key. To connect the security configuration to the connector 1 Open the HTTPS input Connector Settings dialog box. 2 In the Security configuration field, browse to and select the security configuration. Security configuration for an SSL client You can run the StreamServer as an SSL client that communicates with an SSL server. To achieve this, you must create a security configuration and an HTTPS Submit output connector (or HTTPS Poll input connector), and connect the security configuration to the connector. To create a security configuration 1 Create a new security configuration. See To create a Trust Server security configuration on page 12. 2 If the SSL server requires client authentication, you must also select the HTTP tab and enter the Key name and Passphrase to access the StreamServer private key. To connect the security configuration to an HTTPS Submit output connector 1 Open the HTTPS Submit Output Connector Settings dialog box. 2 Select Use security configuration. 3 In the Security configuration field, browse to and select the security configuration. To connect the security configuration to an HTTPS Poll input connector 1 Open the HTTPS Poll Input Connector Settings dialog box. 2 In the Security configuration field, browse to and select the security configuration. Security configuration for signing emails The StreamServer can sign emails. The email recipients use the signature to verify that the email comes from a trusted address. To achieve this you must create a security configuration for each From address, and enable signing of emails on the output connector that delivers the emails (SMTP (MIME) or SMTP (MIME) for MailOUT).

14 Trust Server security configurations To create a security configuration 1 Create a new security configuration. See To create a Trust Server security configuration on page 12. 2 On the Email tab, enter the Key name and Passphrase to access the private key for the From address. To enable signing Open the email Output Connector Settings dialog box and select Sign. Security configuration for rejecting emails from nontrusted addresses The StreamServer can reject emails from non-trusted addresses. The StreamServer uses the sender s public key to verify the identity of the sender. To achieve this you must create a security configuration, and enable rejection of emails on the EmailIN input connector. To create a security configuration Create a new security configuration. See To create a Trust Server security configuration on page 12. To enable rejection 1 Open the EmailIN input Connector Settings dialog box and select Retrieve email > Advanced. 2 Select Request signature. Security configuration for encrypting emails The StreamServer can encrypt emails, and prevent emails from being sent to nontrusted addresses. The StreamServer encrypts an email with the recipient s public key. To achieve this you must create a security configuration, and enable encryption of emails on the output connector that delivers the emails (SMTP (MIME) or SMTP (MIME) for MailOUT). To create a security configuration Create a new security configuration. See To create a Trust Server security configuration on page 12. To enable encryption Open the email Output Connector Settings dialog box and select Encrypt.

Trust Server security configurations 15 Security configuration for receiving encrypted emails The StreamServer can decrypt received emails, and reject unencrypted emails. The StreamServer decrypts emails with the private key. To achieve this you must create a security configuration, and enable rejection of unencrypted emails on the EmailIN input connector. To create a security configuration 1 Create a new security configuration. See To create a Trust Server security configuration on page 12. 2 On the Email tab, enter the Key name and Passphrase to access the private key for the recipient address. To enable rejection of unencrypted emails 1 Open the EmailIN input Connector Settings dialog box and select Retrieve email > Advanced. 2 Select Request encryption.

16 Trust Server scenarios Trust Server scenarios SSL server and SSL client This scenario involves the two StreamServers SERVER and CLIENT. The SERVER communicates via an HTTPS input connector, and the CLIENT communicates via an HTTPS Submit output connector. Prerequisites Both SERVER and CLIENT use SSL version SSLv3. Both SERVER and CLIENT have the following resource in the default resource set: TS root.cer the Trust Server CA root certificate. This is the only certificate in the certificate chain. Configuring the SERVER Create the Security configuration 1 Add a security configuration to the default resource set and rename it to SSL SERVER. 2 Open SSL SERVER and select the type Trust Server. 3 On the Certificates tab, add the certificate resource TS root.cer. 4 On the Trust Server tab, enter the Trust Server URL, and the User name and Password to access the Trust Server. 5 On the HTTP tab, enter the Key name and Passphrase to access the SERVER private key. Configure the HTTPS input connector 1 Select security configuration > SSL SERVER. 2 Select SSL Version > SSLv3.

Trust Server scenarios 17 Configuring the CLIENT Create the Security configuration 1 Add a security configuration to the default resource set and rename it to SSL CLIENT. 2 Open SSL CLIENT and select the type Trust Server. 3 On the Certificates tab, add the certificate resource TS root.cer. 4 On the Trust Server tab, enter the Trust Server URL, and the User name and Password to access the Trust Server. 5 On the HTTP tab, enter the Key name and Passphrase to access the CLIENT private key. Configure the HTTPS Submit output connector 1 Select Use security configuration. 2 Select Security configuration > SSL CLIENT. 3 Select SSL Version > SSLv3. Encrypted emails This scenario involves the two StreamServers SENDER and RECEIVER. The SENDER sends encrypted emails to the RECEIVER via an SMTP (MIME) output connector, and the RECEIVER receives the emails via an EmailIN input connector. Prerequisites Both SENDER and RECEIVER have the following resource in the default resource set: TS root.cer the Trust Server CA root certificate. This is the only certificate in the certificate chain.

18 Trust Server scenarios Configuring the SENDER Create the Security configuration 1 Add a security configuration to the default resource set and rename it to ENCRYPT. 2 Open ENCRYPT and select the type Trust Server. 3 On the Certificates tab, add the certificate resource TS root.cer. 4 On the Trust Server tab, enter the Trust Server URL, and the User name and Password to access the Trust Server. Configure the SMTP (MIME) output connector Select Encrypt. Configuring the RECEIVER Create the Security configuration 1 Add a security configuration to the default resource set and rename it to DECRYPT. 2 Open DECRYPT and select the type Trust Server. 3 On the Certificates tab, add the certificate resource TS root.cer. 4 On the Trust Server tab, enter the Trust Server URL, and the User name and Password to access the Trust Server. 5 On the Email tab, enter the Key name and Passphrase to access the private key for the recipient address. Configure the EmailIN input connector 1 Select Retrieve email > Advanced. 2 Select Request encryption. Signed emails This scenario involves the two StreamServers SENDER and RECEIVER. The SENDER sends signed emails to the RECEIVER via an SMTP (MIME) output connector, and the RECEIVER receives the emails via an EmailIN input connector.

Trust Server scenarios 19 Prerequisites Both SENDER and RECEIVER have the following resource in the default resource set: TS root.cer the Trust Server CA root certificate. This is the only certificate in the certificate chain. Configuring the SENDER Create the Security configuration 1 Add a security configuration to the default resource set and rename it to SIGN. 2 Open SIGN and select the type Trust Server. 3 On the Certificates tab, add the certificate resource TS root.cer. 4 On the Trust Server tab, enter the Trust Server URL, and the User name and Password to access the Trust Server. 5 On the Email tab, enter the Key name and Passphrase to access the private key for the sender address. Configure the SMTP (MIME) output connector Select Sign. Configuring the RECEIVER Create the Security configuration 1 Add a security configuration to the default resource set and rename it to SIGNED. 2 Open SIGNED and select the type Trust Server. 3 On the Certificates tab, add the certificate resource TS root.cer. 4 On the Trust Server tab, enter the Trust Server URL, and the User name and Password to access the Trust Server. Configure the EmailIN input connector 1 Select Retrieve email > Advanced. 2 Select Request signature.

20 Trust Server scenarios Encrypted and signed emails This scenario involves the two StreamServers SENDER and RECEIVER. The SENDER sends signed and encrypted emails to the RECEIVER via an SMTP (MIME) output connector, and the RECEIVER receives the emails via an EmailIN input connector. Prerequisites Both SENDER and RECEIVER have the following resource in the default resource set: TS root.cer the Trust Server CA root certificate. This is the only certificate in the certificate chain. Configuring the SENDER Create the Security configuration 1 Add a security configuration to the default resource set and rename it to SIGN_ENCRYPT. 2 Open SIGN_ENCRYPT and select the type Trust Server. 3 On the Certificates tab, add the certificate resource TS root.cer. 4 On the Trust Server tab, enter the Trust Server URL, and the User name and Password to access the Trust Server. 5 On the Email tab, enter the Key name and Passphrase to access the private key for the sender address. Configure the SMTP (MIME) output connector Select Sign and Encrypt. Configuring the RECEIVER Create the Security configuration 1 Add a security configuration to the default resource set and rename it to SIGNED_ENCRYPTED. 2 Open SIGNED_ENCRYPTED and select the type Trust Server. 3 On the Certificates tab, add the certificate resource TS root.cer. 4 On the Trust Server tab, enter the Trust Server URL, and the User name and Password to access the Trust Server.

Trust Server scenarios 21 5 On the Email tab, enter the Key name and Passphrase to access the private key for the recipient address. Configure the EmailIN input connector 1 Select Retrieve email > Advanced. 2 Select Request signature and Request encryption.

22 Legacy security configurations Legacy security configurations If the StreamServer, or any of the involved parties (SSL server/client and email sender/receiver), are not registered in a Trust Server, you can create security configurations using locally stored certificates. To create a Legacy security configuration 1 In a resource set, create a new Security Configuration resource. 2 Give the security configuration a unique name. 3 Open the security configuration and select the type Legacy. Depending on the purpose of the security configuration, you must also configure a number of additional parameters: Security configuration for an SSL server (with client authentication) on page 22. Security configuration for an SSL server (without client authentication) on page 23. Security configuration for an SSL client (with client authentication) on page 24. Security configuration for an SSL client (without client authentication) on page 25. Security configuration for signing emails on page 25. Security configuration for rejecting emails from non-trusted addresses on page 26. Security configuration for encrypting emails on page 26. Security configuration for receiving encrypted emails on page 27. Security configuration for an SSL server (with client authentication) You can run the StreamServer as an SSL server that requires client authentication. To achieve this, you must create a security configuration and an HTTPS input connector, and connect the security configuration to the HTTPS input connector. Multiple clients If the StreamServer communicates with multiple clients, you must: Create one security configuration per client. Create one HTTPS input connector per client. These connectors cannot share the same port. Prerequisites The StreamServer private key file is added to the same resource set as the security configuration.

Legacy security configurations 23 The StreamServer CA root certificate is distributed to the clients. The certificates that verify the identity of the client are added to the same resource set as the security configuration. The client certificate is added to the same resource set as the security configuration. To create a security configuration 1 Create a new security configuration. See To create a Legacy security configuration on page 22. 2 On the Certificates tab, add all the certificate resources to include in the certificate chain used to verify the identity of the client. 3 Click the HTTP Server tab. 4 Select the StreamServer Private key file and enter the Password to access the private key. 5 Select Client authentication and select the Client certificate. To connect the security configuration to the connector 1 Open the HTTPS input Connector Settings dialog box. 2 In the Security configuration field, browse to and select the security configuration. Security configuration for an SSL server (without client authentication) You can run the StreamServer as an SSL server that does not require client authentication. To achieve this, you must create a security configuration and an HTTPS input connector, and connect the security configuration to the HTTPS input connector. Prerequisites The StreamServer private key file is added to the same resource set as the security configuration. The StreamServer CA root certificate is distributed to the clients. To create a security configuration 1 Create a new security configuration. See To create a Legacy security configuration on page 22. 2 Click the HTTP Server tab. 3 Select the StreamServer Private key file and enter the Password to access the private key. To connect the security configuration to the connector 1 Open the HTTPS input Connector Settings dialog box.

24 Legacy security configurations 2 In the Security configuration field, browse to and select the security configuration. Security configuration for an SSL client (with client authentication) You can run the StreamServer as an SSL client that communicates with an SSL server that requires client authentication. To achieve this, you must create a security configuration and an HTTPS Submit output connector (or HTTPS Poll input connector), and connect the security configuration to the connector. Prerequisites The StreamServer private key file is added to the same resource set as the security configuration. The certificates that verify the identity of the SSL server are added to the same resource set as the security configuration. The StreamServer CA root certificate and client certificate are distributed to the SSL server. To create a security configuration 1 Create a new security configuration. See To create a Legacy security configuration on page 22. 2 On the Certificates tab, add all the certificate resources to include in the certificate chain used to verify the identity of the SSL server. 3 Click the Email and HTTP client tab. 4 Select the StreamServer Private key file and enter the Password to access the private key. To connect the security configuration to an HTTPS Submit output connector 1 Open the HTTPS Submit Output Connector Settings dialog box. 2 Select Use security configuration. 3 In the Security configuration field, browse to and select the security configuration. To connect the security configuration to an HTTPS Poll input connector 1 Open the HTTPS Poll Input Connector Settings dialog box. 2 In the Security configuration field, browse to and select the security configuration.

Legacy security configurations 25 Security configuration for an SSL client (without client authentication) You can run the StreamServer as an SSL client that communicates with an SSL server that does not require client authentication. To achieve this, you must create a security configuration and an HTTPS Submit output connector (or HTTPS Poll input connector), and connect the security configuration to the connector. Prerequisites The certificates that verify the identity of the SSL server are added to the same resource set as the security configuration. To create a security configuration 1 Create a new security configuration. See To create a Legacy security configuration on page 22. 2 On the Certificates tab, add all the certificate resources to include in the certificate chain used to verify the identity of the SSL server. To connect the security configuration to an HTTPS Submit output connector 1 Open the HTTPS Submit Output Connector Settings dialog box. 2 Select Use security configuration. 3 In the Security configuration field, browse to and select the security configuration. To connect the security configuration to an HTTPS Poll input connector 1 Open the HTTPS Poll Input Connector Settings dialog box. 2 In the Security configuration field, browse to and select the security configuration. Security configuration for signing emails The StreamServer can sign emails. Email recipients use the signature to verify that the email comes from a trusted address. To achieve this you must create a security configuration for each From address, and enable signing of emails on the output connector that delivers the emails (SMTP (MIME) or SMTP (MIME) for MailOUT). Prerequisites The StreamServer private key file is added to the same resource set as the security configuration. The StreamServer CA root certificate is distributed to the recipients.

26 Legacy security configurations To create a security configuration 1 Create a new security configuration. See To create a Legacy security configuration on page 22. 2 Click the Email and HTTP client tab. 3 Select the StreamServer Private key file and enter the Password to access the private key. To enable signing Open the email Output Connector Settings dialog box and select Sign. Security configuration for rejecting emails from nontrusted addresses The StreamServer can reject emails from non-trusted addresses. The StreamServer uses the sender s public key to verify the identity of the sender. To achieve this you must create a security configuration, and enable rejection of emails on the EmailIN input connector. Prerequisites The certificates that verify the identity of the email sender are added to the same resource set as the security configuration. If the email senders have different CA root certificates, you must create one security configuration for each CA root certificate. To create a security configuration 1 Create a new security configuration. See To create a Legacy security configuration on page 22. 2 On the Certificates tab, add all the certificate resources to include in the certificate chain used to verify the identity of the email sender. To enable rejection 1 Open the EmailIN input Connector Settings dialog box and select Retrieve email > Advanced. 2 Select Request signature. Security configuration for encrypting emails The StreamServer can encrypt emails, and prevent emails from being sent to nontrusted addresses. The StreamServer encrypts an email with the recipient s public key. To achieve this you must create a security configuration, and enable encryption of emails on the output connector that delivers the emails (SMTP (MIME) or SMTP (MIME) for MailOUT).

Legacy security configurations 27 Prerequisites The encryption certificates for all email addresses are added to the same resource set as the security configuration. Each certificate resource must be renamed to <email address>.crt, for example arnold_abc.com.crt. Note: You must not use @ use _ instead. To create a security configuration Create a new security configuration. See To create a Legacy security configuration on page 22. To enable encryption Open the email Output Connector Settings dialog box and select Encrypt. Security configuration for receiving encrypted emails The StreamServer can decrypt received emails, and reject unencrypted emails. The StreamServer decrypts emails with the private key. To achieve this you must create a security configuration, and enable rejection of unencrypted emails on the EmailIN input connector. Prerequisites The StreamServer private key file is added to the same resource set as the security configuration. The StreamServer email certificate is distributed to the senders. To create a security configuration 1 Create a new security configuration. See To create a Legacy security configuration on page 22. 2 Click the Email and HTTP client tab. 3 Select the StreamServer Private key file and enter the Password to access the private key. To enable rejection of unencrypted emails 1 Open the EmailIN input Connector Settings dialog box and select Retrieve email > Advanced. 2 Select Request encryption.

28 Legacy scenarios Legacy scenarios SSL server and SSL client with client authentication This scenario involves the two StreamServers SERVER and CLIENT. The SERVER communicates via an HTTPS input connector, and the CLIENT communicates via an HTTPS Submit output connector. The CLIENT must authenticate itself to SERVER. Prerequisites Both SERVER and CLIENT use SSL version SSLv3. SERVER has the following resources in the default resource set: Private key.pfx the private key file for SERVER. CLIENT CA root certificate.crt the CA root certificate for CLIENT. This is the only certificate in the certificate chain. CLIENT public key.crt the certificate for CLIENT. CLIENT has the following resources in the default resource set: SERVER CA root certificate.crt the CA root certificate for SERVER. This is the only certificate in the certificate chain. Private key.pfx the private key file for CLIENT. Configuring the SERVER Create the Security configuration 1 Add a security configuration to the default resource set and rename it to SSL SERVER. 2 Open SSL SERVER and select the type Legacy. 3 On the Certificates tab, add the certificate resource CLIENT CA root certificate.crt. 4 On the HTTP Server tab, select Private key file > Private key.pfx and enter the Password to access the private key. 5 Select Client authentication and select Client certificate > CLIENT public key.crt.

Legacy scenarios 29 Configuring the CLIENT Configure the HTTPS input connector 1 Select security configuration > SSL SERVER. 2 Select SSL Version > SSLv3. Create the Security configuration 1 Add a security configuration to the default resource set and rename it to SSL CLIENT. 2 Open SSL CLIENT and select the type Legacy. 3 On the Certificates tab, add the certificate resource SERVER CA root certificate.crt. 4 On the Email and HTTP client tab, select Private key file > Private key.pfx and enter the Password to access the private key. Configure the HTTPS Submit output connector 1 Select Use security configuration. 2 Select Security configuration > SSL CLIENT. 3 Select SSL Version > SSLv3. SSL server and SSL client without client authentication This scenario involves the two StreamServers SERVER and CLIENT. The SERVER communicates via an HTTPS input connector, and the CLIENT communicates via an HTTPS Submit output connector. The CLIENT does not authenticate itself to SERVER. Prerequisites Both SERVER and CLIENT use SSL version SSLv3. SERVER has the following resource in the default resource set: Private key.pfx the private key file for SERVER. CLIENT has the following resource in the default resource set: SERVER CA root certificate.crt the CA root certificate for SERVER. This is the only certificate in the certificate chain.

30 Legacy scenarios Configuring the SERVER Configuring the CLIENT Create the Security configuration 1 Add a security configuration to the default resource set and rename it to SSL SERVER. 2 Open SSL SERVER and select the type Legacy. 3 On the HTTP Server tab, select Private key file > Private key.pfx and enter the Password to access the private key. Configure the HTTPS input connector 1 Select security configuration > SSL SERVER. 2 Select SSL Version > SSLv3. Create the Security configuration 1 Add a security configuration to the default resource set and rename it to SSL CLIENT. 2 Open SSL CLIENT and select the type Legacy. 3 On the Certificates tab, add the certificate resource SERVER CA root certificate.crt. Configure the HTTPS Submit output connector 1 Select Use security configuration. 2 Select Security configuration > SSL CLIENT. 3 Select SSL Version > SSLv3. Encrypted emails This scenario involves the two StreamServers SENDER and RECEIVER. The SENDER sends encrypted emails to the RECEIVER via an SMTP (MIME) output connector, and the RECEIVER receives the emails via an EmailIN input connector. Prerequisites SENDER has the following resource in the default resource set: info_abc.com.crt the encryption certificate for RECEIVER.

Legacy scenarios 31 RECEIVER has the following resource in the default resource set: Private key.p12 the private key file for RECEIVER. Configuring the SENDER Create the Security configuration 1 Add a security configuration to the default resource set and rename it to ENCRYPT. 2 Open ENCRYPT and select the type Legacy. Configure the SMTP (MIME) output connector Select Encrypt. Configuring the RECEIVER Create the Security configuration 1 Add a security configuration to the default resource set and rename it to ENCRYPTED. 2 Open ENCRYPTED and select the type Legacy. 3 On the Email and HTTP client tab, select Private key file > Private key.p12 and enter the Password to access the private key. Configure the EmailIN input connector 1 Select Retrieve email > Advanced. 2 Select Request encryption. Signed emails This scenario involves the two StreamServers SENDER and RECEIVER. The SENDER sends signed emails to the RECEIVER via an SMTP (MIME) output connector, and the RECEIVER receives the emails via an EmailIN input connector. Prerequisites SENDER has the following resource in the default resource set: Private key.p12 the private key file for SENDER. RECEIVER has the following resource in the default resource set:

32 Legacy scenarios Configuring the SENDER SENDER CA root certificate.crt the CA root certificate for SENDER. This is the only certificate in the certificate chain. Create the Security configuration 1 Add a security configuration to the default resource set and rename it to SIGN. 2 Open SIGN and select the type Legacy. 3 On the Email and HTTP client tab, select Private key file > Private key.p12 and enter the Password to access the private key. Configure the SMTP (MIME) output connector Select Sign. Configuring the RECEIVER Create the Security configuration 1 Add a security configuration to the default resource set and rename it to SIGNED. 2 Open SIGNED and select the type Legacy. 3 On the Certificates tab, add the certificate resource SENDER CA root certificate.crt. Configure the EmailIN input connector 1 Select Retrieve email > Advanced. 2 Select Request signature. Signed and encrypted emails This scenario involves the two StreamServers SENDER and RECEIVER. The SENDER sends signed and encrypted emails to the RECEIVER via an SMTP (MIME) output connector, and the RECEIVER receives the emails via an EmailIN input connector. Prerequisites SENDER has the following resources in the default resource set:

Legacy scenarios 33 info_abc.com.crt the encryption certificate for RECEIVER. Private key.p12 the private key file for SENDER. RECEIVER has the following resources in the default resource set: Private key.p12 the private key file for RECEIVER. SENDER CA root certificate.crt the CA root certificate for SENDER. This is the only certificate in the certificate chain. Configuring the SENDER Create the Security configuration 1 Add a security configuration to the default resource set and rename it to SIGN ENCRYPT. 2 Open SIGN ENCRYPT and select the type Legacy. 3 On the Email and HTTP client tab, select Private key file > Private key.p12 and enter the Password to access the private key. Configure the SMTP (MIME) output connector Select Sign and Encrypt. Configuring the RECEIVER Create the Security configuration 1 Add a security configuration to the default resource set and rename it to SIGNED ENCRYPTED. 2 Open SIGNED ENCRYPTED and select the type Legacy. 3 On the Certificates tab, add the certificate resource SENDER CA root certificate.crt. 4 On the Email and HTTP client tab, select Private key file > Private key.p12 and enter the Password to access the private key. Configure the EmailIN input connector 1 Select Retrieve email > Advanced. 2 Select Request signature and Request encryption.

34 Security configuration GUI reference Security configuration GUI reference Security configuration type Trust Server Legacy All certificate information is retrieved from an XKMS (XML Key Management Specification) compliant Trust Server. Only the root CA that verifies the identity of the Trust Server is stored in a file. See Trust Server settings on page 34. All digital certificates are stored locally. See Legacy settings on page 35. Trust Server settings Certificates tab On this tab, you add all certificate resources to include in the certificate chain used to verify the identity of the Trust Server. Trust Server tab On this tab you specify the connection to the Trust Server. Settings URL User Password The Trust Server URL. The user name to access the Trust Server. The password to access the Trust Server. HTTP tab Use this tab when the StreamServer must authenticate itself to SSL clients or SSL servers. On this tab you enable access to the StreamServer private key. Settings Key name Passphrase The key name assigned to the StreamServer when it was registered in the Trust Server. The key name corresponds to a private key. The passphrase the StreamServer must use to access the private key.

Security configuration GUI reference 35 Email tab Use this tab when the StreamServer must sign or decrypt emails. On this tab you enable access to the StreamServer private key. Settings Key name Passphrase The key name assigned to the StreamServer when it was registered in the Trust Server. The key name corresponds to a private key. The passphrase the StreamServer must use to access the private key. Legacy settings Certificates tab On this tab, you add all certificate resources to include in the certificate chain used to verify the identity of the SSL server or SSL client. HTTP Server tab Use this tab when the StreamServer runs as an SSL server. On this tab you enable access to the StreamServer private key and, if required, the client certificate. Settings Private key file Password Client Authentication Client certificate The private key file the StreamServer must use to authenticate itself. The private key file must be included in the same resource set as the security configuration. The password the StreamServer must use to access the private key file. Select if this StreamServer requires client authentication. The client certificate. The StreamServer must use this certificate to verify the identity of the client. The client certificate must be included in the same resource set as the security configuration.

36 Security configuration GUI reference Email and HTTP Client tab Use this tab when the StreamServer runs as an SSL client that must authenticate itself to the SSL server, or when it should sign or decrypt emails. Settings Private key file Password The private key file the StreamServer must use to authenticate itself or to decrypt emails. The private key file must be included in the same resource set as the security configuration. The password the StreamServer must use to access the private key file.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information