Public Certificate Directory Service
Publish your S/MIME certificates and retrieve partner certificates automatically for convenient end-to-end encryption of e-mails.
End-to-End Encryption
Exchange encrypted e-mails from client to client with external partners using standard apps like Outlook.
Make Public Keys Public
Provide user encryption certificates from your AD to the outside world in a secure way via LDAP or web browser.
Encrypt to anyone
Provide millions of S/MIME certificates from connected global directories or just use ad-hoc certificates.
"Secardeo certBox is used by large corporations for the enforcement of end-to-end encryption of e-mails with external partners using standard applications."
Promote S/MIME!
- Make S/MIME encryption convenient to your users and partners.
- No user frustration over obtaining and importing the required public keys of recipients.
- Completely user-transparent encryption using Outlook or other standard mail apps.

Maximize security ROI!
- Get the most out of your PKI investments by enforcing S/MIME usage.
- Common S/MIME encryption in external communication significantly reduces the risk of information theft.
- Zero time spent on exchanging keys results in considerable cost reduction.

Publish certificates for inbound encryption!
- Synchronize with your Active Directory and publish internal user certificates to the internet.
- Optionally act as a secure proxy and forward search requests to the internal AD.
- Search requests will be governed by blocking policies so address harvesting is infeasible!

Retrieve certificates for outbound encryption!
- Certificates of your e-mail recipients are searched for in approximately 150 connected PKI directories.
- Directories of CA providers, PKI bridges and global organizations.
- Your partners can easily upload their certificates to your certBox and make them available to your users.
- For recipients who do not own a certificate, ad-hoc certificates can be issued by certBox: Encrypt to anybody.
How it works
Standard e-mail clients like Outlook or Thunderbird support e-mail encryption based on the S/MIME standard. In order to encrypt for your internal users, external partners require your public certificates. If your internal users want to encrypt, they need the certificates of their external recipients. Instead of letting users exchange their certificates manually, this job has to be automated. The Secardeo certBox is a certificate directory service that performs these two tasks:
- Secure publishing of internal S/MIME certificates to the internet for inbound encryption
- Global retrieval of external X.509 certificates to internal clients for outbound encryption
For inbound encryption, the Secardeo certBox enables secure access to the enterprise’s encryption certificates. It can operate either as a secure LDAP proxy or as an external certificate directory. Standard e-mail clients can retrieve X.509 certificates automatically using LDAP. Users may also download certificates manually via protected web forms. Address harvesting attacks will be defeated efficiently and internal directory structures remain hidden. The certBox may also be used for publishing certificate revocation lists for HTTP or LDAP CRL download. The certificates published by the certBox may be synchronized automatically with Active Directory via certSync.
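To make the idea of a blocking policy for directory searches concrete, here is an added example (not Secardeo code and not certBox's actual rules) of one way a public certificate directory could refuse harvesting-style LDAP searches. The attribute list, the limits, and the names `filter_violation` and `HarvestGuard` are assumptions chosen for illustration.

```python
import re
import time
from collections import defaultdict, deque

# Constructed policy values (assumptions, not certBox settings).
ALLOWED_ATTRS = {"mail", "rfc822mailbox"}   # compared in lower case
MAX_SEARCHES = 5                            # per client per window
WINDOW_SECONDS = 60

# One attribute assertion inside an RFC 4515 filter string: (attr OP value)
ASSERTION = re.compile(r"\(([A-Za-z][\w;.-]*)(=|~=|>=|<=)([^()]*)\)")
# A complete address with no '*' wildcard anywhere in it.
FULL_ADDRESS = re.compile(r"[^@\s*]+@[^@\s*]+\.[^@\s*]+")


def filter_violation(ldap_filter):
    """Return why a search filter is refused, or None if it is acceptable."""
    assertions = ASSERTION.findall(ldap_filter)
    residue = ASSERTION.sub("", ldap_filter)
    # Besides the assertions, only grouping with & and | may remain;
    # this refuses negation, which would match every other entry.
    if not assertions or re.search(r"[^()&|]", residue):
        return "unsupported filter syntax"
    for attr, op, value in assertions:
        if attr.lower() not in ALLOWED_ATTRS:
            return f"attribute '{attr}' is not searchable"
        if op != "=" or not FULL_ADDRESS.fullmatch(value):
            return "only an exact match on one complete address is allowed"
    return None


class HarvestGuard:
    """Applies the filter policy plus a sliding-window limit per client."""

    def __init__(self):
        self.history = defaultdict(deque)   # client -> accepted search times

    def allow(self, client, ldap_filter, now=None):
        now = time.monotonic() if now is None else now
        reason = filter_violation(ldap_filter)
        if reason:
            return False, reason
        recent = self.history[client]
        while recent and now - recent[0] >= WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_SEARCHES:
            return False, "search rate limit exceeded"
        recent.append(now)
        return True, "ok"
```

With a policy like this, a client that already knows a recipient's address gets the certificate, while wildcard, presence and negated searches return nothing that could be used to enumerate the directory.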
For outbound encryption, Outlook and other client applications search for external digital certificates automatically via LDAP. A user can also download certificates manually via a web browser. The certBox provides a high degree of PKI interoperability through its integrated PKI directory database. With it, millions of user encryption certificates can be found by the certificate broker. Partners who do not provide their own LDAP directory may upload their certificates to your certBox. End-to-end encryption is even possible for recipients who do not have an X.509 certificate, using ad-hoc certificates issued by certBox ICE. The internal user can encrypt as usual to anybody or even to a domain address on the whitelist.
The recipient can easily download and install the decryption key or decrypt the message using the web decrypter.