Novell GROUPWISE 8 - ADMINISTRATION Administration Manual page 1160

After you have configured S/MIME functionality in ConsoleOne, GroupWise users must select the
security provider (Windows client > Tools > Options > Security > Send Options) and then obtain a
personal digital certificate. Unless you installed Entrust, users can request certificates (Windows
client > Tools > Options > Certificates > Get Certificate). If you provided a URL, users are taken to
the Certificate Authority of your choice. Otherwise, certificates for use with GroupWise can be
obtained from various certificate providers, including:
Novell, Inc. (if you have installed
www.novell.com/products/certserver))
VeriSign*, Inc. (http://www.verisign.com)
Thawte* Certification (http://www.thawte.com)
GlobalSign* (http://www.globalsign.com)
NOTE: Some certificate providers charge a fee for certificates and some do not.
After users have selected the appropriate security provider and obtained a personal digital
certificate, they can protect their messages with S/MIME encryption by digitally signing them
(Windows client > Actions > Sign Digitally) and/or encrypting them (Windows client > Actions >
Encrypt). Buttons are added to the GroupWise toolbar for convenient use on individual messages, or
users can configure GroupWise to always use digital signatures and/or encryption (Windows client
> Tools > Options > Security > Send Options). The messages they send with digital signatures and/
or encryption can be read by recipients using any other S/MIME-enabled e-mail product.
GroupWise Windows client users are responsible for managing their personal digital certificates.
Users can have multiple personal digital certificates. In the GroupWise client, users can view their
own certificates, view the certificates they have received from their contacts, access recipient
certificates from LDAP directories (see
Directory," on page 1170
certificates, and so on.
The certificates are stored in the local certificate store on the user's workstation. They are not stored
in GroupWise. Therefore, if a user moves to a different workstation, he or she must import the
personal digital certificate into the certificate store on the new workstation, even though the same
GroupWise account is being accessed.
If your system includes smart card readers on users' workstations, certificates can be retrieved from
this source as well, so that after composing a message, users can sign them by inserting their smart
cards into their card readers. The GroupWise client picks up the digital signature and adds it to the
message.
The GroupWise Windows client verifies the user certificate to ensure that it has not been revoked. It
also verifies the Certificate Authority. If a certificate has expired, the GroupWise user receives a
warning message.
For complete details about using S/MIME encryption in the GroupWise Windows client, see
"Sending S/MIME Secure
NOTE: S/MIME encryption is not available in the Linux/Mac client or the WebAccess client.
Any messages that are not digitally signed or encrypted are still protected by native GroupWise
encryption as long as they are within your GroupWise system.
1160 GroupWise 8 Administration Guide
®
Novell Certificate Server
Section 76.4, "Accessing S/MIME Certificates in an LDAP
for details), change the trust level on certificates, import and export
Messages" in "E-Mail" in the
2 or later (http://
TM
GroupWise 8 Windows Client User Guide.