71 Encryption and Certificates

novdocx (en) 11 December 2007

Although GroupWise® native encryption is employed throughout your GroupWise system, additional security measures should be utilized to secure your GroupWise data.

- Section 71.1, “Personal Digital Certificates, Digital Signatures, and S/MIME Encryption,” on page 1117
- Section 71.2, “Server Certificates and SSL Encryption,” on page 1119
- Section 71.3, “Trusted Root Certificates and LDAP Authentication,” on page 1123

See also Part XVI, “Security Policies,” on page 1159.

71.1 Personal Digital Certificates, Digital Signatures, and S/MIME Encryption

If desired, you can implement S/MIME encryption for GroupWise client users by installing various security providers on users’ workstations, including:

- Entrust* 4.0 or later (http://www.entrust.com)
- Microsoft Base Cryptographic Provider 1.0 or later (included with Internet Explorer 4.0 or later)
- Microsoft Enhanced Cryptographic Provider 1.0 or later (http://www.microsoft.com/windows/ie/downloads/recommended/128bit/default.asp)
- Microsoft Strong Cryptographic Provider (http://www.siliconprairiesc.com/spsckb/EncryptAll/strong_cryptographic_provider.htm)
- Gemplus GemSAFE Card CSP 1.0 or later (http://www.gemplus.com)
- Schlumberger Cryptographic Provider (http://www.slb.com)

For additional providers, consult the Novell Partner Product Guide (http://www.novell.com/partnerguide).

These products enable users to digitally sign and/or encrypt their messages using S/MIME encryption. When a sender digitally signs a message, the recipient is able to verify that the item was not modified en route and that it originated from the sender specified. When a sender encrypts a message, the sender ensures that the intended recipient is the only one who can read it.
Digitally signed and/or encrypted messages are protected as they travel across the Internet, whereas native GroupWise encryption is removed as messages leave your GroupWise system.

After users have installed the S/MIME security providers on their workstations, you can configure default functionality for it in ConsoleOne® (Domain, Post Office, or User object > Tools > GroupWise Utilities > Client Options > Send > Security). You can specify a URL from which you want users to obtain their S/MIME certificates. You can require the use of digital signatures and/or encryption, rather than letting users decide when to use them. You can even select the encryption algorithm and encryption key size if necessary. For more information, see Section 65.2.2, “Modifying Send Options,” on page 1062.