MailSecurity: support SMIME Domain Certificates for encryption
Being able to encrypt all emails of a specific domain with only a single certificate. This makes message based email encryption an lot easier and astaro more compatible with other email encryption players
need also smime domain certificates for email protection
need this feature - many company will use it ...
James Brown commented
This would be fantastic. We have had to spend a fortune getting S/MIME certs for all our email users. If only we could use one for the whole domain - that would be great.
Timm Schneider commented
what we need here is the possibility to but another root-CA Certificate on the Sophos UTM like CA-Cert.
the use of gateway certificates is described in RFC 3183 "Domain Security Services using S/MIME"... so the comment, that there is no rfc is incorrect... the only problem may be, that this rfc is "experimental"..
Jens Meyer commented
I can't believe version 8.2 still does not support site-to-site encryption! We are going to lose customers to competitors if Astaro does not implement this feature in the near future. The current situation really gets us into trouble as many customers expect such a functionality when a product is called "mail security". Telling them that this title is misleading really does not help to make people believe in the quality of Astaro products.
Stephan Fietzek commented
Maybe there is no RFC standard for domain certificates but there are many companies outside using this. So I hope Astaro will support them in the future.
Stephan Pfeiffer commented
This means the same?
Gateway certificate would be gret!
I phoned with Astaro about this and they told me that the reason for not implementing this that there is no RFC/standard for this + it would break one of the principles/goals of encryption (authenticity).
it should be possible to use a certificate from an official CA
No words of mine can express the heartfelt loss at seeing that this functionality does not exist (yet?) in the Astaro gateway products.
For business partners with whom we want to send critical business emails...time to look for another alternative...sigh...