CA DataMinder policy engines use the Secure Sockets Layer protocol (SSL) to establish a secure connection to the Voltage SecureMail web service. To ensure that the policy engine and SecureMail web service trust each other, each policy engine must hold a copy of the root certificate that was used to generate the SecureMail certificate.
To install the SecureMail root certificate on your policy engine
Use the Microsoft Management Console to manage root certificates on your policy engine host servers. If required, you can export the root certificate from your SecureMail server and import it onto your policy engine host servers. Exported certificates are saved as files. Copy the file to your policy engine host server and then double-click the file to launch the certificate import wizard.
For further details, search for 'configuring SSL certificates' and 'importing CA and root certificates' in the Voltage SecureMail Management Console Administrator Guide.
How does the SSL connection work?
SSL communications between the policy engines and SecureMail web service are encrypted using public/private key encryption.
When you install a Voltage SecureMail server, an SSL certificate is assigned to the SecureMail web service. This certificate was generated from a root certificate. The root certificate is signed by a certificate authority that is trusted by SecureMail (the ‘trusted certificate authority’).
When the policy engine establishes an SSL connection, it obtains a public key from the same root certificate that was used to generate the SecureMail certificate. A copy of this root certificate must be already installed on the policy engine host server.
Next, the policy engine requests the SecureMail certificate. Because the SecureMail certificate is signed by a certificate authority that the policy engine trusts, the policy engine proceeds with the connection and encrypts the communication using the public key.
The SecureMail web service then uses a private key to decrypt the encrypted communication.
Note: Browsers ship with, and regularly update, a set of certificates signed by trusted certificate authorities to ensure that connections can be verified.
|
Copyright © 2014 CA.
All rights reserved.
|
|