MailSecurity: support SMIME Domain Certificates for encryption
Being able to encrypt all emails of a specific domain with only a single certificate. This makes message based email encryption an lot easier and astaro more compatible with other email encryption players
Sebastian Engler commented
Same here- SMIME for mail protection needed
While you're at it, don't forget to implement RFC8162 as well (Lookup of target address certificates using DANE).
We need also smime domain certificates for email protection. Our partner has only one domain certificate. What can we do?
Idea is seven years old and the function is still needed. 271 votes until now.
And no response or message from Sophos?
need also smime domain certificates for email protection
need this feature - many company will use it ...
James Brown commented
This would be fantastic. We have had to spend a fortune getting S/MIME certs for all our email users. If only we could use one for the whole domain - that would be great.
Timm Schneider commented
what we need here is the possibility to but another root-CA Certificate on the Sophos UTM like CA-Cert.
the use of gateway certificates is described in RFC 3183 "Domain Security Services using S/MIME"... so the comment, that there is no rfc is incorrect... the only problem may be, that this rfc is "experimental"..
Jens Meyer commented
I can't believe version 8.2 still does not support site-to-site encryption! We are going to lose customers to competitors if Astaro does not implement this feature in the near future. The current situation really gets us into trouble as many customers expect such a functionality when a product is called "mail security". Telling them that this title is misleading really does not help to make people believe in the quality of Astaro products.
Stephan Fietzek commented
Maybe there is no RFC standard for domain certificates but there are many companies outside using this. So I hope Astaro will support them in the future.
Stephan Pfeiffer commented
This means the same?
Gateway certificate would be gret!
I phoned with Astaro about this and they told me that the reason for not implementing this that there is no RFC/standard for this + it would break one of the principles/goals of encryption (authenticity).
it should be possible to use a certificate from an official CA
No words of mine can express the heartfelt loss at seeing that this functionality does not exist (yet?) in the Astaro gateway products.
For business partners with whom we want to send critical business emails...time to look for another alternative...sigh...