Public Certificate Directory Service



Publish your S/MIME certificates and retrieve partner certificates automatically for a convenient end-to-end encryption of e-mails.


End-to-End Encryption

Exchange encrypted e-mails from client to client with external partners using standard apps like Outlook.

 

Make public Keys public

Provide user encryption certificates from your AD to the outside world in a secure way via LDAP or web browser.


Encrypt to anyone

Provide millions of S/MIME certificates from connected global directories or just use ad-hoc certificates.


"Secardeo certBox is used by large corporations for the enforcement of end-to-end encryption of e-mails with external partners using standard applications."

Promote S/MIME!


  • Make S/MIME encryption convenient to your users and partners.
  • No user frustration for getting and importing the required public keys of recipients.
  • Completely user-transparent encryption using Outlook or other standard mail apps.


Maximize security ROI!


  • Get the most out of your PKI investments by enforcing S/MIME usage.
  • Common S/MIME encryption in external communication reduces risk of information theft significantly.
  • Zero time efforts for exchanging keys result in considerable cost reduction


Publish certificates for inbound encryption!


  • Synchronize with your Active Directory and publish internal user certificates to the internet.
  • Optionally act as a secure proxy and forward search requests to the internal AD.
  • Search requests will be governed by blocking policies so address harvesting is infeasible!



Retrieve certificates for outbound encryption!


  • Certificates of your e-mail recipients are searched in ca. 150 connected PKI directories.
  • Directories of CA providers, PKI bridges and global organizations.
  • Your partners can easily upload their certificates to your certBox and make them available to your users.
  • For recipients who do not own a certificate, ad-hoc certificates can be issued by certBox: Encrypt to anybody.

How it works

Standard e-mail clients like Outlook or Thunderbird support e-mail encryption based on the S/MIME standard. In order to encrypt for your internal users, external partners require your public certificates. If your internal users want to encrypt, they need the certificates of their external recipients. Instead of letting users exchange their certificates manually this job has to be automated. The Secardeo certBox is a certificate directory service that serves for these two tasks:

 

  • Secure publishing of internal S/MIME certificates to the internet for inbound encryption
  • Global retrieval of external X.509 certificates to internal clients for outbound encryption


For inbound encryption, the Secardeo certBox enables the secure access to the enterprise’s encryption certificates. This can be achieved in the operational mode as a secure LDAP proxy or as an external certificate directory. Retrieval of X.509 certificates can be done automatically with standard e-mail clients using LDAP. Users may also download certificates manually by protected web forms. Address harvesting attacks will be defeated efficiently and internal directory structures remain hidden. The certBox may also be used for publishing certificate revocation lists for HTTP or LDAP CRL download. The certificates being published by the certBox may be synchronized automatically with Active Directory via certSync.


For outbound encryption, searching for external digital certificates by Outlook and other client applications is done automatically via LDAP. A user can also download certificates manually via HTML browser. The certBox provides a high grade of PKI interoperability by its integrated PKI directory database. With it, millions of user encryption certificates can be found by the certificate broker. Partners who do not provide an own LDAP directory may upload their certificates to your certBox. End-to-end encryption is even possible for recipients who do not have an X.509 certificate using ad-hoc certificates by certBox ICE. The internal user can encrypt as usual to anybody or even to a domain-address on the whitelist.

The recipient can easily download and install the decryption key or he can easily decrypt the message using the web-decrypter.

  • Features

    • Publishing and searching for X.509 certificates and PGP keys via LDAP and HTTP
    • Rule based localisation of the corresponding certificate repository
    • Built-in certificate repository list (~150) and CA certificate trust list
    • LDAP filter for popular e-mail clients; HTML search interface protected by CAPTCHA
    • Public repository for your organization’s certificates (certificate store)
    • Comfortable options for import/export and certificate management 
    • LDAP proxy provides access control and patented DN encryption for search requests from outside
    • Local caching of external certificates and business partner store
    • Policy based central certificate validation using CRLs and OCSP
    • Ad-hoc certification of recipients without a certificate (Identity Certified Encryption - ICE)
    • Decryption for recipients without S/MIME client via Web-Decrypter
    • Partner certificate upload/removal form and support for organisational certificates 
    • Authentication for requests from and towards the external and internal network
    • Statistics for in– and outbound searches and performance check
    • HTTP CRL-Proxy
    • REST API
    • High availability using certbox cluster
    • Synchronisation with MS Active Directory (using optional Windows service certSync)

Resources