A data security specialist by Swiss Post

4.2. Configuring the CMC interface for SEPPmail Appliance

A SwissSign MPKI that issues SwissSign certificates from the SEPPmail Appliance via the email gateway has been set up for you. 
 
The SEPPmail Appliance communicates with the certification body SwissSign over the CMC interface, as it is known, allowing you to obtain certificates automatically for emails. 
 
Before you configure the Appliance, make sure that you have covered points 2 and 5 of the instructions on setting up the MPKI.

Configuring the MPKI in your SEPPmail Appliance

  1. Navigate to the Connector section of the MPKI menu and choose the SwissSign setting as the MPKI type. 
     

  2. Click Select. The menu will then expand and further sections will appear. 
     

  3. Go to MPKI managed domains and select those domains you wish to obtain certificates for over the MPKI interface (you can select multiple domains by pressing Ctrl). Click Save to save the selected settings. 
     

  4. Enter the configuration data from the SwissSign welcome email in the Default Parameters section: 

     

    Static subject part:

       For Silver certificates: leave this field empty

       For Gold certificates: O=name of your organisation/C=your country code

    Account name: ‘Company ID’.ra

    Product name: ‘Company ID’- product type

    Service URL: https://ra.swisssign.net/ws/cmc

     

     

  5. Switch to the Certificate section and select the Auto-RAO access certificate. Enter the associated password under PKCS12 password and click Save in the bottom left-hand corner of the screen. The following message should appear: ‘an operator certificate with valid password has been found’. 
     

  6. Switch to the Settings section. 

  

Clicking ‘Add or update…’ adds or updates the intermediate certificates under X.509 Root Certificates. These are required so that the certificate chain can be added when signing emails. 
 
Set the desired certificate term overlap in the Settings section under ‘Automatically renew expiring certificates if validity days left less than’. Click Save in the bottom left-hand corner to complete this part too. 
 
Important: 
If access credentials from the welcome email are copied directly into the configuration interface, problems with interpreting characters and thus malfunctions may occur due to the email’s HTML format. SEPPmail therefore recommends copying the access credentials into a text editor first or entering the data manually. 
 
Some characters, such as apostrophes, may be particularly problematic due to their notation. If applicable, different variants should be tried. 
 
Furthermore, you must ensure that no leading or trailing spaces are accidentally included when entering or copying access credentials.
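
One way to check the values from the welcome email on your workstation before entering them, shown as an added example (not SEPPmail or SwissSign code). The look-alike character list and the sample values (EXAMPLE01, the password) are constructed assumptions. The check reports typographic substitutes, invisible characters and surrounding whitespace, and returns a plain-ASCII variant to try.

```python
import unicodedata

# Typographic substitutes an HTML mail client may introduce (assumed list, extend as needed).
LOOKALIKES = {
    "\u2018": "'", "\u2019": "'", "\u02bc": "'", "\u00b4": "'",   # apostrophe variants
    "\u201c": '"', "\u201d": '"',                                 # curly double quotes
    "\u2013": "-", "\u2014": "-", "\u2212": "-",                  # dashes and minus sign
    "\u00a0": " ",                                                # no-break space
}

def inspect_field(value):
    """Return (findings, ascii_variant) for one pasted configuration value."""
    findings = []
    if value != value.strip():
        findings.append("leading or trailing whitespace")
    cleaned = []
    for pos, ch in enumerate(value):
        if ch in LOOKALIKES:
            name = unicodedata.name(ch, "UNKNOWN")
            findings.append(f"pos {pos}: U+{ord(ch):04X} {name}")
            cleaned.append(LOOKALIKES[ch])
        elif unicodedata.category(ch) in ("Cc", "Cf"):
            # Control and format characters (tab, zero-width space, BOM) are dropped.
            findings.append(f"pos {pos}: U+{ord(ch):04X} invisible character")
        else:
            cleaned.append(ch)
    return findings, "".join(cleaned).strip()

def report(fields):
    """Map each field name to its findings; values are never echoed."""
    return {name: inspect_field(value)[0] for name, value in fields.items()}

# Constructed sample values, not real credentials.
SAMPLE = {
    "Account name": "EXAMPLE01.ra\u00a0",
    "Service URL": "https://ra.swisssign.net/ws/cmc",
    "PKCS12 password": "pa\u2019ss\u200bword",
}

if __name__ == "__main__":
    for field, findings in report(SAMPLE).items():
        print(f"{field}: {'; '.join(findings) if findings else 'clean'}")
```

The report prints only field names, positions and code points, so the password itself does not end up in terminal history or logs.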