Using the connector
This page describes how to enroll and manage client certificates for Google Workspace users.
Enroll a certificate
The insert
command generates keys in the PKCS12 format and uploads the S/MIME certificates to the Google Workspace user accounts listed in the CSV file.
java -jar smime-connector-<version>.jar insert <path_to_csv_file>
The .p12
certificate file generated for the user is copied to the defined certificate location on the system, and the password listed in the CSV file is used to protect the certificate.
Set the default certificate
The default
command sets the default certificate for a Google Workspace user account.
You can retrieve the IDs of the existing S/MIME certificates using the list command.
java -jar smime-connector-<version>.jar default <[email protected]> <certificateId>
java -jar smime-connector-<version>.jar default <[email protected]> <[email protected]> <certificateId>
Renew a certificate
The update
command renews S/MIME certificates that are within the defined renewal period and uploads them to the Google Workspace user accounts listed in the CSV file.
java -jar smime-connector-<version>.jar update <path_to_csv_file>
The .p12
certificate file generated for the user is copied to the defined certificate location on the system, and the password listed in the CSV file is used to protect the certificate.
Delete a certificate
The delete
command removes S/MIME certificates from a Google Workspace user account.
java -jar smime-connector-<version>.jar delete <[email protected]>
java -jar smime-connector-<version>.jar delete <[email protected]> <[email protected]>
Encrypt an email
If you have S/MIME enabled for your Google Workspace account, it automatically encrypts your outgoing emails.
To check if a message you’re sending is encrypted:
-
Start composing a message.
-
Add the recipient’s email address to the To field.
-
To the right of your recipient’s email address, you’ll see a lock icon that shows the level of encryption that is supported by the recipient. If there are multiple users with various encryption levels, the icon will show the lowest encryption level.
-
To change your S/MIME settings or learn more about your recipient’s level of encryption, click the lock, then View details.
Verify the digital signature
To verify that emails are properly signed with the sender’s digital signature:
-
Send a test email to yourself or another recipient, and then open it.
-
Click Show details. The green lock icon next to the security field means that S/MIME enhanced encryption was used to protect your sensitive data. S/MIME encrypts all outgoing messages if Gmail has the recipient’s public key. Only the recipient with the corresponding private key can decrypt this message.
-
Click Sender info. You will see the user’s email address in the Signed by field and the CA name in the Issuer field.
List the existing certificates
The list
command retrieves a list of the available S/MIME certificates for a Google Workspace user account.
java -jar smime-connector-<version>.jar list <[email protected]>
java -jar smime-connector-<version>.jar list <[email protected]> <[email protected]>