
Append an S/MIME digital signature to outbound emails

Secure/Multipurpose Internet Mail Extensions (S/MIME) is a method of exchanging emails securely. With the S/MIME technology, a digital signature can be appended to email messages to ensure non-repudiation and data integrity.

Starting with SM 9.33, you can enable Service Manager to sign outbound email messages using S/MIME. Once you enable this feature, recipients can verify the signature in their mail system (for example, Microsoft Outlook) to confirm that the messages genuinely originated from Service Manager and were not altered in transit.

Prerequisites

Your system must contain the unlimited strength jurisdiction policy files for JDK to support the S/MIME signature feature.

Server platform     Actions
Windows, Linux      No actions required. The unlimited strength jurisdiction policy files are already in the server's embedded JRE.

Steps to enable S/MIME signatures

To enable an S/MIME digital signature for outbound emails from Service Manager, you need to obtain or generate a PKCS12 certificate and then specify three server parameters in the sm.ini file or the emailout parameter: SMIMEKeystore, SMIMEKeystorePass, and SMIMEKeyAlias.

The following is an example of enabling S/MIME digital signatures for outbound emails:

  1. Generate the keystore in PKCS12 format. For example, with the Java keytool utility, you can use the following keytool command:

    keytool -genkey -keystore smemailkey.p12 -storepass smemailkeystorepass -alias smemailkeyalias -storetype pkcs12

  2. Place the generated keystore file (smemailkey.p12) in the <SM Server>/RUN directory.
  3. Configure these parameters in sm.ini:

    SMIMEKeystore:smemailkey.p12

    SMIMEKeystorePass:smemailkeystorepass

    SMIMEKeyAlias:smemailkeyalias

    Tip

    An alternative way to set these parameters is to add the parameters to the emailout process in sm.cfg, as shown in the following example:

    sm -emailout -mailFrom:xx -smtphost:xx -smtpport:xx -SMIMEKeystore:smemailkey.p12 -SMIMEKeystorePass:smemailkeystorepass -SMIMEKeyAlias:smemailkeyalias

  4. Restart the Service Manager server.
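
A check to run before the restart in step 4, as an added example that is not part of the product documentation: it reads sm.ini from the RUN directory, confirms that the three S/MIME parameters are set and the keystore file is present, and flags either file if group or other users can access it, because sm.ini holds the keystore password in clear text. It assumes sm.ini uses one name:value pair per line with # comment lines and exact-case parameter names; parse_sm_ini, preflight and demo are hypothetical helper names, and the sample sm.ini in demo is constructed.

```python
import os
import stat
import tempfile

REQUIRED = ("SMIMEKeystore", "SMIMEKeystorePass", "SMIMEKeyAlias")

def parse_sm_ini(text):
    """Return {name: value} for 'name:value' lines ('#' comments skipped: assumption)."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, value = line.split(":", 1)  # split once so values may contain ':'
        params[name.strip()] = value.strip()
    return params

def preflight(run_dir):
    """Return a list of findings; an empty list means the settings are consistent."""
    findings = []
    ini_path = os.path.join(run_dir, "sm.ini")
    with open(ini_path, encoding="utf-8") as fh:
        params = parse_sm_ini(fh.read())
    for name in REQUIRED:
        if not params.get(name):
            findings.append(f"missing parameter: {name}")
    secrets = [ini_path]  # sm.ini contains SMIMEKeystorePass in clear text
    keystore = params.get("SMIMEKeystore")
    if keystore:
        ks_path = os.path.join(run_dir, keystore)
        if os.path.isfile(ks_path):
            secrets.append(ks_path)
        else:
            findings.append(f"keystore not found in RUN directory: {keystore}")
    if os.name == "posix":  # mode bits are only meaningful on POSIX systems
        for path in secrets:
            if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
                findings.append(f"accessible by group or others: {os.path.basename(path)}")
    return findings

def demo():
    """Run the check on a constructed RUN directory with a password-less sm.ini."""
    with tempfile.TemporaryDirectory() as run_dir:
        ini = os.path.join(run_dir, "sm.ini")
        with open(ini, "w", encoding="utf-8") as fh:
            fh.write("# constructed sample\nSMIMEKeystore:smemailkey.p12\n"
                     "SMIMEKeyAlias:smemailkeyalias\n")
        os.chmod(ini, 0o644)
        return preflight(run_dir)
```

On a real server, call preflight with the path of the <SM Server>/RUN directory and resolve every finding before restarting.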

Related topics

Startup parameter: emailout