Configure CipherMail Gateway
The CipherMail EJBCA connector requires some configuration steps.
To make sure the EJBCA config is loaded at startup, create a symlink to the EJBCA config file:
cd /usr/share/djigzo/conf/spring/spring.d
sudo ln -s ../ejbca-certificate-request-handler.xml
The ejbca-certificate-request-handler.xml file contains EJBCA-specific settings.
The following settings should be modified to match the EJBCA setup:
webServiceURL
keyStoreFile
keyStorePassword
trustStoreFile
trustStorePassword
CAName
endEntityProfileName
certificateProfileName
For the remainder of this guide we assume the following:
CAName is set to SMIMECA
endEntityProfileName is set to SMIME
certificateProfileName is set to SMIME
Configure EJBCA
This guide sets up a minimal EJBCA configuration. For a production setup, a more advanced configuration might be needed.
Add a new CA
Log in to the EJBCA administration page
Open the “Manage Certification Authorities” page
Set the “Add CA” field to SMIMECA, then click Create…
Set “Validity” to some date in the future. For example “2030-10-20 09:48:14+00:00”
Set “CA Serial Number Octet Size” to 4
Click Create to create the CA
Add a new Certificate Profile
Open the “Manage Certificate Profiles” page
Add a new profile with name SMIME
Add a new End Entity Profile
Open the “Manage End Entity Profiles” page
Add a new profile with name SMIME
Select the newly added profile and click Edit End Entity Profile
Under “Subject DN Attributes”, select “emailAddress, E-mail address in DN” for the “Subject DN Attributes” field and click Add
Under “Other subject attributes”, select “RFC 822 name (e-mail address)” for the “Subject Alternative Name” field and click Add
In the field “Default Certificate Profile”, select SMIME
In the field “Available Certificate Profiles”, select SMIME
In the field “Default CA”, select SMIMECA
In the field “Available CAs”, select SMIMECA
Click Save
Finish
You should now be able to request certificates from EJBCA using the EJBCA certificate request handler:
Log in to the CipherMail gateway
Open the “Create new end-user certificate” page
Under the field “Request handler”, select “EJBCA”
Select an email address
Click Request certificate
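To confirm that an issued certificate carries the address in both places configured in the End Entity Profile above (emailAddress in the subject DN and an RFC 822 name in the Subject Alternative Name), the following added example, which is not part of CipherMail or EJBCA, checks the text output of openssl x509. The function names, the file name cert.pem and the sample text are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not CipherMail or EJBCA code). Function names are hypothetical.
# Reads `openssl x509 -noout -text` output on stdin and checks that EMAIL ($1)
# appears both as emailAddress in the subject DN and as an rfc822Name
# ("email:" entry) in the Subject Alternative Name extension.
# Addresses are compared case-insensitively. Returns 0 only if both are present.
check_smime_text() {
    awk -v want="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        # True if any sep-separated item of list equals prefix followed by want.
        function has(list, sep, prefix,    parts, n, i) {
            n = split(list, parts, sep)
            for (i = 1; i <= n; i++)
                if (parts[i] == prefix want) return 1
            return 0
        }
        { line = tolower($0); gsub(/[ \t\r]/, "", line) }
        # Subject DN: RDNs are separated by "," (OpenSSL 1.1+) or "/" (older).
        line ~ /^subject:/ {
            sub(/^subject:/, "", line)
            dn = has(line, "[,/]", "emailaddress=")
        }
        # The SAN values are printed on the line after the extension name.
        in_san { san = has(line, ",", "email:"); in_san = 0 }
        line ~ /^x509v3subjectalternativename:/ { in_san = 1 }
        END {
            print "subject DN emailAddress: " (dn ? "present" : "MISSING")
            print "SAN rfc822Name: " (san ? "present" : "MISSING")
            exit !(dn && san)
        }
    '
}

# Constructed sample of the text output (not a real certificate).
sample_cert_text() {
    cat <<'EOF'
Certificate:
    Data:
        Issuer: CN = SMIMECA
        Subject: CN = Alice, emailAddress = alice@example.com
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                email:alice@example.com
EOF
}

# Real use (cert.pem is a placeholder for an exported certificate):
#   openssl x509 -in cert.pem -noout -text | check_smime_text alice@example.com
sample_cert_text | check_smime_text alice@example.com
```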