Configuring corporate directories
In a security policy, you can indicate the LDAP directories to use to provide user certificates and configure the certificate search criteria in the directory.
Directories must be added beforehand in the Certificate library menu.
Directories selected in a security policy make it possible to automatically add users to the local trusted address book. From their trusted address books, users can also manually search for certificates in the LDAP directories selected in the policy.
The configuration of the trusted address book and associated LDAP directories can be looked up in read-only mode from the SDS Enterprise agent.
For more information, refer to the section Managing the trusted address book from the SDS Enterprise agent.
SDMC also makes it possible to indicate the addresses of the WKD servers used to encrypt PGP messages.
1. In Policy > Directories > LDAP, if necessary, allow the wildcard character "*" as a suffix in search criteria, and include the "userCertificate;binary" attribute in the search filter (the ";binary" transfer option, RFC 4522, makes the LDAP server return the certificate as DER bytes).
2. Click on Add from library in LDAP/LDAPS directories.
3. Select one or more directories.
4. Change the order of directories if necessary by clicking and dragging.
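The two search settings above (a wildcard allowed only as a suffix, and the userCertificate;binary attribute in the filter) are the points where user-typed search criteria meet the LDAP filter syntax, so they are also where LDAP filter injection is prevented or not. The following added example (not SDMC code, and not its actual filter format) builds the filter the way a hardened client would: it escapes every RFC 4515 metacharacter in the criterion, honours a single trailing "*" only when the policy allows it, and AND-s the clause with a presence test on userCertificate;binary so that only entries carrying a certificate come back. The attribute name `mail`, the presence-filter interpretation of "inclusion of the search filter", and the helper names are assumptions for illustration.

```python
"""Build and escape LDAP search filters for certificate lookup (added example).

Assumptions (not taken from the SDMC documentation): the policy's search
criterion is a user-supplied value matched against one attribute (here
'mail'), a trailing '*' is the only wildcard the policy permits, and the
certificate is required via the presence filter (userCertificate;binary=*).
Escaping follows RFC 4515.
"""
import re

# RFC 4515 section 3: these characters must be escaped inside an assertion
# value, otherwise user input can change the filter's structure (LDAP filter
# injection, e.g. closing the clause and adding (objectClass=*)).
_RFC4515_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Attribute description in name form (RFC 4512), with optional options such
# as ";binary" (RFC 4522). Numeric OIDs are deliberately not accepted here.
_ATTRIBUTE_DESCRIPTION = re.compile(r"^[A-Za-z][A-Za-z0-9-]*(;[A-Za-z0-9-]+)*$")

CERTIFICATE_ATTRIBUTE = "userCertificate;binary"


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP filter."""
    return "".join(_RFC4515_ESCAPES.get(ch, ch) for ch in value)


def build_certificate_filter(search_attribute: str, user_input: str,
                             allow_suffix_wildcard: bool = True,
                             require_certificate: bool = True) -> str:
    """Return an RFC 4515 filter matching user_input on search_attribute.

    Only one trailing '*' is kept as a wildcard, and only when the policy
    allows it; every other metacharacter in user_input is escaped. With
    require_certificate=True the clause is AND-ed with a presence test on
    userCertificate;binary, so entries without a certificate are skipped.
    """
    if not _ATTRIBUTE_DESCRIPTION.match(search_attribute):
        raise ValueError(f"invalid attribute description: {search_attribute!r}")
    value, suffix = user_input, ""
    if allow_suffix_wildcard and value.endswith("*"):
        value, suffix = value[:-1], "*"
    clause = f"({search_attribute}={escape_filter_value(value)}{suffix})"
    if require_certificate:
        return f"(&{clause}({CERTIFICATE_ATTRIBUTE}=*))"
    return clause


def requested_attributes() -> list[str]:
    """Attributes to request from the server; ';binary' yields DER bytes (RFC 4522)."""
    return ["mail", CERTIFICATE_ATTRIBUTE]


if __name__ == "__main__":
    # Constructed inputs: a legitimate suffix search and an injection attempt.
    print(build_certificate_filter("mail", "alice*"))
    print(build_certificate_filter("mail", "alice)(objectClass=*"))
</test>
Note that the injection attempt in the last line is neutralised: its parentheses become `\29\28` and only the trailing `*` survives as a wildcard, so the server sees a literal prefix match, not an extra clause.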
Every time the corporate LDAP directory is updated, SDMC can automatically update the local trusted address book to reflect the changes.
The options in the Trusted directory update section in Policy > Directories > LDAP let you configure these automatic updates option by option.
Activation and execution

| Option | Description |
|---|---|
| Certificates update from an LDAP directory | Enable these options to update the statuses of certificates in the local directory from the LDAP directory. |
| Deletion of expired or revoked certificates, or certificates removed from the LDAP | Deletes from the local directory certificates that have expired, been revoked, or been removed from the LDAP directory. If you do not want all such certificates deleted, select the issuing certification authorities to restrict deletion to the certificates they issued. |
To enable users to send and receive e-mails encrypted in PGP format with the Stormshield Data Mail feature, you must:
1. Enable PGP message encryption/decryption in Features > Mail in the policy.
2. Add the addresses of one or several WKDs (Web Key Directories) to query in Directories > PGP. These public key directories allow Stormshield Data Mail to retrieve the public PGP keys belonging to the recipients of encrypted e-mails.
To add WKD servers:
In the PGP tab in the Directories menu, indicate the URLs of the WKD servers by following one of the formats below, and by adapting them to the domain (or sub-domain) names of the servers:
The sections in bold must not be modified.
SDS Enterprise communicates with WKD servers over HTTPS. Every computer on which Stormshield Data Mail is installed must therefore trust the certification authority that issued the WKD server's TLS certificate, i.e. that CA certificate must be present in the client's trust store; otherwise key retrieval fails.
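To see what a WKD client actually requests from the servers configured above, the following added example derives the per-recipient lookup URLs from an e-mail address as the OpenPGP Web Key Directory draft (draft-koch-openpgp-webkey-service) specifies them: SHA-1 of the lower-cased local part, z-base-32 encoded, placed under the `.well-known/openpgpkey` path on either the `openpgpkey.<domain>` host (advanced method) or the domain itself (direct method). This is not SDMC's code and does not reproduce the URL formats SDMC expects in the PGP tab; the address `Joe.Doe@Example.ORG` is a constructed input, and the assumption that a client tries the advanced location before the direct one is GnuPG's behaviour, not a statement about Stormshield Data Mail.

```python
"""Derive OpenPGP Web Key Directory (WKD) lookup URLs from an e-mail address.

Added example following draft-koch-openpgp-webkey-service; it is not SDMC
code and makes no claim about the URL format SDMC stores. Assumption: the
client queries the 'advanced' location first and falls back to 'direct'
(GnuPG's behaviour).
"""
import hashlib
from urllib.parse import quote

# z-base-32 alphabet used by WKD for the hashed local part.
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """z-base-32 without padding: 5 bits per symbol, MSB first, zero-filled tail."""
    bits = "".join(f"{byte:08b}" for byte in data)
    if len(bits) % 5:
        bits += "0" * (5 - len(bits) % 5)
    return "".join(ZBASE32_ALPHABET[int(bits[i:i + 5], 2)]
                   for i in range(0, len(bits), 5))


def wkd_hash(local_part: str) -> str:
    """SHA-1 of the lower-cased local part, z-base-32 encoded (always 32 symbols)."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)


def wkd_urls(address: str) -> dict[str, str]:
    """Return the advanced/direct key URLs and the matching policy URLs."""
    local_part, sep, domain = address.rpartition("@")
    if not sep or not local_part or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    domain = domain.lower()  # the domain part is case-insensitive
    hashed = wkd_hash(local_part)
    # The 'l' parameter carries the local part as written so the server can
    # check the exact mailbox; only the hash is derived from the lower-cased form.
    query = "l=" + quote(local_part, safe="")
    advanced_base = f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}"
    direct_base = f"https://{domain}/.well-known/openpgpkey"
    return {
        "advanced": f"{advanced_base}/hu/{hashed}?{query}",
        "direct": f"{direct_base}/hu/{hashed}?{query}",
        "advanced_policy": f"{advanced_base}/policy",
        "direct_policy": f"{direct_base}/policy",
    }


if __name__ == "__main__":
    # Constructed input, not a real mailbox.
    for name, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{name:16} {url}")
```

Both hosts are reached over HTTPS, which is why the CA that issued the WKD server's certificate has to be trusted on every Stormshield Data Mail client: a key served under an untrusted certificate is rejected before it can be used, so a misconfigured trust store shows up as "no key found" rather than as a TLS error in the mail client.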