5. Certificate management
In this chapter we will describe how to manage the certificates stored on the server.
5.1. User certificate management
Certificates can be managed via the certificate manager in the WebApp. This manager is accessed from the S/MIME settings tab in the settings menu. Within the certificate manager the user can search for certificates, view the details of a certificate and remove certificates.
Warning
Removing certificates might cause problems with the S/MIME functionality such as mail encryption.
5.2. Use public keys from Global Address book users
5.2.1. OpenLDAP
The userCertificate attribute holds the X.509 certificates issued to the user by one or more certificate authorities. As required by this attribute type’s syntax, values of this attribute are requested and transferred using the attribute description “userCertificate;binary”.
The administrator should add the following mapping to the ldap.propmap:
PR_EMS_AB_X509_CERT (aka PR_EMS_AB_TAGGED_X509_CERT)
0x8C6A1102 = userCertificate;binary
After this change, restart kopano-server and sync the changes:
service kopano-server restart && kopano-admin --sync
In the LDAP configuration set the following:
ldap_user_certificate_attribute = userCertificate;binary
Mapped properties can be checked with:
kopano-admin --details <user>
5.2.2. AD
The userCertificate attribute (also referred to as X509-Cert) in Active Directory stores DER-encoded X.509 v3 certificates that are associated with a user.
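Both 5.2.1 and 5.2.2 rely on the directory holding a raw DER-encoded certificate under userCertificate;binary. The script below is an added example, not part of the Kopano documentation or the python-kopano project: it checks that a value is a single well-formed DER Certificate, reads its validity period so an expired certificate can be spotted before the mapping is relied on for encryption, and shows the base64 LDIF form (double colon) that the ;binary transfer option requires. The sample certificate is constructed in-memory with a tiny DER encoder; it has the structure of a Certificate but no real key or signature, so it is for exercising the checks only.

```python
#!/usr/bin/env python3
"""Sanity checks for userCertificate;binary values (added example, not Kopano code).

The parser walks standard X.509 DER structure (RFC 5280), so it works on real
certificates exported from OpenLDAP or Active Directory as well as on the
constructed sample built by build_sample_certificate().
"""
import base64
from datetime import datetime, timezone

SEQUENCE, INTEGER, BIT_STRING, OID, UTC_TIME, GEN_TIME, EXPLICIT_0 = (
    0x30, 0x02, 0x03, 0x06, 0x17, 0x18, 0xA0)


# --- minimal DER encoder, used only to build the constructed sample ---------
def der(tag, payload):
    """Encode one TLV with a DER definite length."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        digits = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(digits)]) + digits
    return bytes([tag]) + length + payload


# --- minimal DER reader ------------------------------------------------------
def der_read(buf, pos=0):
    """Decode the TLV at pos; return (tag, value, end). Raises ValueError on damage."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        count = first & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("bad DER length encoding")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    end = pos + length
    if end > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:end], end


def der_children(payload):
    """Split a constructed payload into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(payload):
        tag, val, pos = der_read(payload, pos)
        out.append((tag, val))
    return out


def parse_time(tag, val):
    """UTCTime (YYMMDDHHMMSSZ, RFC 5280 century rule) or GeneralizedTime."""
    s = val.decode("ascii")
    if tag == UTC_TIME:
        yy = int(s[:2])
        year = 1900 + yy if yy >= 50 else 2000 + yy
        s = "%04d%s" % (year, s[2:])
    elif tag != GEN_TIME:
        raise ValueError("unexpected time tag 0x%02x" % tag)
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def certificate_validity(cert):
    """Return (notBefore, notAfter) of a DER Certificate, validating its framing."""
    tag, body, end = der_read(cert)
    if tag != SEQUENCE or end != len(cert):
        raise ValueError("value is not exactly one DER SEQUENCE")
    parts = der_children(body)
    if len(parts) != 3 or parts[0][0] != SEQUENCE:
        raise ValueError("Certificate must be SEQUENCE {tbs, sigAlg, signature}")
    fields = der_children(parts[0][1])
    if fields and fields[0][0] == EXPLICIT_0:   # optional [0] EXPLICIT version
        fields = fields[1:]
    # fields: serialNumber, signature, issuer, validity, subject, spki, ...
    vtag, validity = fields[3]
    if vtag != SEQUENCE:
        raise ValueError("validity is not a SEQUENCE")
    (t1, nb), (t2, na) = der_children(validity)
    return parse_time(t1, nb), parse_time(t2, na)


def validity_iso(cert):
    """Validity period as ISO-8601 strings (UTC)."""
    return tuple(t.isoformat() for t in certificate_validity(cert))


def is_usable(cert, now_iso=None):
    """True if the certificate is well-formed and within its validity period."""
    now = (datetime.fromisoformat(now_iso) if now_iso else datetime.now(timezone.utc))
    now = now.replace(tzinfo=timezone.utc)
    not_before, not_after = certificate_validity(cert)
    return not_before <= now <= not_after


# --- LDIF representation required by the ';binary' transfer option ----------
def to_ldif(cert):
    return "userCertificate;binary:: " + base64.b64encode(cert).decode("ascii")


def from_ldif(line):
    attr, sep, value = line.partition(":: ")
    if attr != "userCertificate;binary" or not sep:
        raise ValueError("not a base64 userCertificate;binary LDIF line")
    return base64.b64decode(value)


def build_sample_certificate(not_before_iso, not_after_iso):
    """Constructed sample with Certificate structure, no real key or signature."""
    def utc(iso):
        return der(UTC_TIME, datetime.fromisoformat(iso).strftime("%y%m%d%H%M%SZ").encode())
    sha256_rsa = der(SEQUENCE, der(OID, bytes.fromhex("2a864886f70d01010b")))
    empty_name = der(SEQUENCE, b"")          # placeholder issuer/subject Name
    tbs = der(SEQUENCE,
              der(EXPLICIT_0, der(INTEGER, b"\x02")) + der(INTEGER, b"\x01") +
              sha256_rsa + empty_name +
              der(SEQUENCE, utc(not_before_iso) + utc(not_after_iso)) +
              empty_name + der(SEQUENCE, b""))
    return der(SEQUENCE, tbs + sha256_rsa + der(BIT_STRING, b"\x00" * 5))


if __name__ == "__main__":
    sample = build_sample_certificate("2024-01-01", "2026-01-01")
    print(to_ldif(sample))
    print("validity:", validity_iso(sample), "usable now:", is_usable(sample))
```

Running it prints the LDIF line you would expect to see in an export and the validity window; on a real directory, feed the decoded value of each user's userCertificate;binary through is_usable() before trusting the mapping, since an expired or truncated value will silently yield no usable public key in the address book.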
5.3. Certificate management with Python-Kopano
Another possibility for administrators is to use the python-kopano MAPI bindings to control certificates stored on the server. This way, you can manage certificates without logging into a Kopano account.
Example: This Python script lists all the certificates on the server.
#!/usr/bin/env python3
import kopano
from MAPI.Tags import PR_MESSAGE_CLASS

# The S/MIME plugin keeps certificates as associated (hidden) items in the
# root folder of each user's store, so walk that folder for every user.
for user in kopano.Server().users(remote=True):
    try:
        for item in user.store.root.associated.items():
            print(user.name, item.prop(PR_MESSAGE_CLASS).value, item.subject)
    except Exception as e:
        # Users without a store, or stores that cannot be opened, are skipped.
        print("skipping %s: %s" % (user.name, e))