Server Key Management - S/Notify for Confluence


Please note that we've decided to move our support portal to help.savignano.net to to further improve the services for our customers.

The updated version of this page can be found at https://help.savignano.net/snotify-email-encryption/server-key-management-s-notify-for-confluence

Orange colored text describes functional differences in previous 3.x releases

Under this section, the private PGP keys and S/MIME certificates of the Confluence server are managed. They are used for signing outgoing emails.

For this, you will find the following configuration options:

Server Key Management

If you do not want outgoing email to get signed, then there is no need to provide a server key store, and you can leave this section empty.

Note that, if you have configured Confluence to use multiple email addresses, the key store must either hold multiple keys or certificates for them, or the keys or certificates must be issued for multiple email addresses.

This section has two tabs each displaying one of the two different encryption methods.

S/MIME

Private S/MIME Certificates

In this section, you can optionally provide a key store containing the private certificates to be used for S/MIME email signing.

If outgoing emails are to be signed, the server key store should also contain the (public) intermediate certificates, so they can be included in the signature.

Prior to version 3.1, intermediate certificates were not included.

Key store location

Provide path and file name of the certificate keystore, as seen from the server your Confluence instance runs on. The key store must be in PKCS#12 format. The file suffix of such key stores is usually p12 or pfx.

Password

Enter the password required to access the S/MIME key store. That is the keyword used to create the the key store.

For details on how the stored password ist protected, see below.

PGP

Private PGP Keys

In this section, you can optionally provide a key store containing the private keys to be used for PGP email signing. 

Key store location

Provide path and file name of the certificate keystore, as seen from the server your Confluence instance runs on. The key store must be in ASCII-armored or GPG binary format. The file suffixes of such key stores (also called key rings) are usually asc and gpg, respectively.

Password

Enter the password required to access the private PGP keys in the key store. That is the passphrase used to store the secret keys in the key store. When using multiple private keys, all of them must be protected by the same passphrase.

For details on how the stored password ist protected, see below.



Password protection

The passwords are stored in the database in encrypted format and used only internally. They cannot be reproduced by any Confluence user or administrator. However, since encryption of passwords alone cannot be considered fully safe, appropriate access control of your database is a prerequisite to achieve adequate protection.







The S/Notify Email Encryption apps are brought to you by savignano software solutions, a small yet savvy IT solutions company in Germany. Click here for legal information.