Smart way to rollout S/MIME certificates
Please Login to Remove!
Hi guys,
I am struggling with the planned roll out of S/MIME certificates in our environment.
The main issue seems to be the private key: As of KB18586, you can (1) send it by mail or (2) use desktop manager sync tool.
We do not use desktop manager, so (2) is not an option. I have a bad feeling with (1) because you transmit the private key over an insecure channel.
I tried downloading the pfx/p12 file via the browser (SSL). But that gave me an error ("The file received from the webserver was recognized as a certificate file on the device. However, the data itself was not a valid certificate. Please contact the webmaster for assistance").
I was wondering, if any of you found another smarter way of rolling out certificates ... maybe there is a tiny application doing the job out there?
If there is no other way, I will probably live with the mail option and try to transmit the p12 password to the user securely ... but still there must be a better option.
Greetings,
Neo3000
__________________
BES 4.1.7 (20 servers), Domino 7.0.3 with 19000+ users
BES 5.0.2 (8 server), Exchange 2010 SP1 with 1000+ users
|