Use the Configuration > System > Certificates page to manage certificates and certificate authorities. These are used by the Email Appliance to manage encryption for the Administrative User Interface, the End User Web Quarantine, DKIM, and Email Encryption.

To fully configure certificates, it may be necessary to first add or configure a trusted certificate authority.

DKIM Settings

DomainKeys Identified Mail (DKIM) is an authentication framework used to cryptographically sign and validate a message based on the domain of the sender.

You can configure DKIM certificates for multiple domains here by adding information to the following fields:

  • Domain name: Enter the domain name that you want to configure DKIM RSA keys for.
    Note Multiple domain names need to be separated by commas.
  • Key selector: This is used to identify the DKIM signature, along with the RSA key. Specify a key selector for the domain.
  • RSA Key: This is a key used to generate the hash for the DKIM signature. Specify a private RSA key here (in ASCII armor).

To add the default key, enter DEFAULT KEY (for domains) in the Domain Name textbox, and Key Selector and RSA key in their respective text-boxes. The default key will be used to DKIM sign the domains for which no key is configured. For sub-domains, if no key exists, then the top level domain key will be used to sign the mail. If neither of the entries exist, the default key will be used to sign the mail.

Note For domains that you want to sign mail for, you also need to publish the public portion of the RSA key along with the selector, in the DKIM DNS records for those domains.