5. Certificate management

In this chapter we will describe how to manage the certificates stored on the server.

5.1. User certificate management

Certificates can be managed via the certificate manager in the WebApp. This manager can be accessed via the S/MIME settings tab located in the settings menu. Within the certificate manager the user can search for certificates, view the details of the certificate and remove certificates.

Certificate manager

Warning

Removing certificates might cause problems with the S/MIME functionality such as mail encryption.

5.2. Use public keys from Global Address book users

5.2.1. OpenLDAP

The userCertificate attribute holds the X.509 certificates issued to the user by one or more certificate authorities. As required by this attribute type’s syntax, values of this attribute are requested and transferred using the attribute description “userCertificate;binary”.

The administrator should add the following property mapping to ldap.propmap:

PR_EMS_AB_X509_CERT (aka PR_EMS_AB_TAGGED_X509_CERT)
0x8C6A1102 = userCertificate;binary

After this change the kopano-server should be restarted and all the changes should be synced:

service kopano-server restart && kopano-admin --sync

In the LDAP configuration, set the following:

ldap_user_certificate_attribute = userCertificate;binary

Mapped properties can be checked with:

kopano-admin --details <user>
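
Other users encrypt to whatever certificate the directory publishes, so it is worth checking the stored values themselves. This added example (not part of the Kopano documentation) reads LDIF text, such as an ldapsearch export of userCertificate;binary, flags values that are PEM text or lack DER framing, and computes a SHA-256 fingerprint to compare with the user's own certificate. The DNs and certificate bytes are constructed sample data, and only the outer ASN.1 framing is checked, not validity or trust.

```python
import base64
import hashlib
ATTR = "userCertificate;binary"

def ldif_values(ldif, attr=ATTR):
    """Yield (dn, raw bytes) for each value of attr in LDIF text (RFC 2849)."""
    unfolded = ldif.replace("\r\n", "\n").replace("\n ", "")  # join folded lines
    dn = None
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if name.lower() == "dn":
            dn = value.strip()
        elif sep and name.lower() == attr.lower():
            # "::" marks a base64 value, a single ":" a plain string
            is_b64 = value.startswith(":")
            yield dn, base64.b64decode(value[1:].strip()) if is_b64 else value.strip().encode()

def der_framing_ok(raw):
    """True if raw is exactly one DER SEQUENCE: tag 0x30, length covering all bytes."""
    if len(raw) < 2 or raw[0] != 0x30:
        return False
    n = raw[1]
    if n < 0x80:  # short-form length
        return 2 + n == len(raw)
    n &= 0x7F  # long form: count of length octets that follow
    body = int.from_bytes(raw[2:2 + n], "big")
    return n > 0 and len(raw) >= 2 + n and 2 + n + body == len(raw)

def audit(ldif):
    """Return (dn, verdict, sha256 hex) per value; verdict is der, pem or invalid."""
    out = []
    for dn, raw in ldif_values(ldif):
        pem = raw.lstrip().startswith(b"-----BEGIN")  # text stored instead of binary
        verdict = "pem" if pem else "der" if der_framing_ok(raw) else "invalid"
        out.append((dn, verdict, hashlib.sha256(raw).hexdigest()))
    return out

def entry(dn, raw):  # build one constructed LDIF entry with folded lines
    line = ATTR + ":: " + base64.b64encode(raw).decode()
    return "dn: %s\n%s\n\n" % (dn, "\n ".join(line[i:i + 75] for i in range(0, len(line), 75)))

# Constructed sample: FAKE_DER has a SEQUENCE header but is not a real certificate.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE = "".join(entry("uid=%s,dc=example,dc=com" % u, raw) for u, raw in (
    ("alice", FAKE_DER), ("bob", b"-----BEGIN CERTIFICATE-----\n"), ("carol", FAKE_DER[:-10])))

if __name__ == "__main__":
    for dn, verdict, digest in audit(SAMPLE):
        print(dn, verdict, digest)
```
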

5.3. Certificate management with Python-Kopano

Administrators can also use the python-kopano MAPI bindings to control the certificates stored on the server. This way, you can manage certificates without logging into a Kopano account.

Example: This Python script will list all the certificates on the server.

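#!/usr/bin/env python
from __future__ import print_function

import kopano
from MAPI.Tags import PR_MESSAGE_CLASS

# Iterate over the users on the server (remote=True also includes users on remote nodes).
for user in kopano.Server().users(remote=True):
    try:
        # Walk the associated (hidden) items in the root folder of the user's store
        # and print the owner, message class and subject of each item.
        for item in user.store.root.associated.items():
            print(user.name, item.prop(PR_MESSAGE_CLASS).value, item.subject)
    except Exception:
        # Skip users whose store cannot be read.
        pass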