S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for secure email communication. It allows users to send and receive encrypted and digitally signed messages, ensuring that the message has not been tampered with and that it came from the sender it claims to be from. S/MIME uses a combination of public key encryption and digital certificates to provide security. The recipient of an S/MIME-secured message uses their private key to decrypt the message, while the sender uses their private key to digitally sign the message.

The dialog is split into the following two sections:

• Email Signing
• Email Encryption

Certificates for signing emails are provided in this configuration section. They will be used for all emails in the i-net HelpDesk server that match the respect certificate. Incoming emails can only be decrypted if the private certificate is present. Multiple certificates can be provided and edited in the configuration,

The option Digitally sign messages uses the public certificate, included in any private S/MIME certificate, to sign outgoing emails. Signing an outgoing email allows the recipient to receive the public certificate part and use it in turn to encrypt emails in their responses.

There is an additional Dialog to upload new S/MIME certificates.

Note: Multiple S/MIME certificates can be added for the same email address, e.g. before the previous one expires. The certificate with the longer duration is always used.

Public S/MIME certificates can be used by the i-net HelpDesk server to encrypt outgoing emails, e.g. using the TaskPlanner, Error Handler and other components. You have to enable the option Send encrypted emails to addresses with a public certificate.

There is an additional Dialog to upload new public S/MIME certificates.

Note: The option is on by default, but emails can only be encrypted if digital signing is enabled as well. Since there are plugins that may automatically read and provide additional public certificates, it may be desired to not send emails encrypted automatically.

Note: Emails are only encrypted as long as the public certificate is valid and has not yet expired.