Hardened Open LDAP S/MIME Address Book / Key Server

Do you use S/MIME e-mail encryption? Then you will want to share public keys simply and securely with parties outside the organisation. The KeyTalk LDAP S/MIME address book offers everything you need for this.

After rollout, S/MIME certificates are neatly published as an address book for employees via the Active Directory. But…

  • How can employees outside the central AD easily use the internal e-mail encryption?
  • How can external contacts easily request the S/MIME certificate for direct encrypted e-mailing?
  • How do you easily disclose your S/MIME data in case of Responsible Disclosure?

The KeyTalk hardened OpenLDAP S/MIME address book / key server easily solves these issues.

LDAP in practice

On the user side, the KeyTalk LDAP can be used in two ways: via a web interface or via the LDAP(S) protocol.

  • HTTPS web interface: after entering a complete e-mail address, you can search for and download that address's certificate.
  • LDAP(S) protocol: an e-mail client that supports S/MIME lookups via LDAP is configured to search the directory for S/MIME certificates automatically. This works with Outlook and Thunderbird, for example, so that users can send encrypted e-mail without any IT knowledge.

Setting up the LDAP address book

Setting up the KeyTalk LDAP is very simple. Upload our virtual appliance into your hypervisor and configure it using our quick guide. Usually, this is arranged within one hour.

In KeyTalk you add an LDAP address book configured with a URL, BaseDN, BindDN, bind password and DN template. The KeyTalk virtual appliance then publishes every newly issued S/MIME certificate to it, and revoked certificates are deleted from it. Existing S/MIME certificates (internal and external) can also be uploaded and published.
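As an added illustration (not KeyTalk's own code), the following Python shows the plumbing behind such an address book: building the LDAP filter a mail client sends to look up one address, and generating the LDIF add and delete records that publish a newly issued certificate under a DN template and remove a revoked one. The DN template, BaseDN and sample certificate bytes are constructed assumptions, and both escaping routines exist so that an attacker-chosen address cannot alter the filter or the DN.

```python
import base64
# Constructed example values (not KeyTalk's configuration): the DN template
# decides where each published certificate lives under the BaseDN.
DN_TEMPLATE = "mail={mail},ou=smime,dc=example,dc=com"
LDIF_WIDTH = 76  # RFC 2849: fold lines longer than 76 columns
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))  # constructed stand-in for a DER cert

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: a looked-up address must not be able to rewrite the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping for an attribute value substituted into the DN template."""
    out, last = [], len(value) - 1
    for i, c in enumerate(value):
        if c == "\x00":
            out.append("\\00")
        elif c in ',+"\\<>;' or (c == "#" and i == 0) or (c == " " and i in (0, last)):
            out.append("\\" + c)
        else:
            out.append(c)
    return "".join(out)

def search_filter(mail: str) -> str:
    """Filter an S/MIME-capable mail client sends to fetch one address's certificate."""
    return "(&(objectClass=inetOrgPerson)(mail=%s))" % escape_filter_value(mail)

def fold_ldif(lines) -> str:
    """Join LDIF lines, folding long ones with a leading-space continuation line."""
    folded = []
    for line in lines:
        folded.append(line[:LDIF_WIDTH])
        for i in range(LDIF_WIDTH, len(line), LDIF_WIDTH - 1):
            folded.append(" " + line[i:i + LDIF_WIDTH - 1])
    return "\n".join(folded) + "\n"

def publish_ldif(mail: str, cn: str, sn: str, cert_der: bytes) -> str:
    """LDIF add record for a newly issued certificate (DER goes in userCertificate;binary)."""
    return fold_ldif([
        "dn: " + DN_TEMPLATE.format(mail=escape_dn_value(mail)),
        "changetype: add", "objectClass: inetOrgPerson",
        "cn: " + cn, "sn: " + sn, "mail: " + mail,
        "userCertificate;binary:: " + base64.b64encode(cert_der).decode("ascii"),
    ])

def revoke_ldif(mail: str) -> str:
    """LDIF delete record so a revoked certificate disappears from the address book."""
    return fold_ldif(["dn: " + DN_TEMPLATE.format(mail=escape_dn_value(mail)), "changetype: delete"])

if __name__ == "__main__":
    print(publish_ldif("alice@example.com", "Alice Example", "Example", SAMPLE_DER))
    print(search_filter("alice@example.com"))
```

The add record is what you would feed to ldapadd against the configured BindDN; the delete record mirrors the appliance's removal of revoked certificates.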

The KeyTalk S/MIME LDAP can hold up to 50 million certificates, and this limit is expandable. Under optimal conditions it handles up to 20,000 reads per second.

Technical details

  • The KeyTalk LDAP S/MIME address book / LDAP key server is based on a hardened version of OpenLDAP on top of CentOS. It comes as a virtual appliance usable on AWS, Azure, Google Cloud, Hyper-V and VMware.
  • For High Availability (HA), the LDAP can be clustered through a graphical interface, so you can quickly build a redundant, synchronised LDAP environment.
  • The HTTPS interface is protected against harvesting attacks with fail2ban.

Would you like to know more?

Would you like a demo, a Proof of Concept or an in-depth technical consultation with one of our PKI experts? Feel free to contact us; we are happy to think along with you!