Using the connector

This page describes how to enroll and manage client certificates for Google Workspace users.

Enroll a certificate

The insert command generates keys in the PKCS12 format and uploads the S/MIME certificates to the Google Workspace user accounts listed in the CSV file.

java -jar smime-connector-<version>.jar insert <path_to_csv_file>

The .p12 certificate file generated for the user is copied to the defined certificate location on the system, and the password listed in the CSV file is used to protect the certificate.

Insert certificates

Set the default certificate

The default command sets the default certificate for a Google Workspace user account. You can retrieve the IDs of the existing S/MIME certificates using the list command.

  • Email address

  • Email alias

java -jar smime-connector-<version>.jar default <[email protected]> <certificateId>
java -jar smime-connector-<version>.jar default <[email protected]> <[email protected]> <certificateId>

Renew a certificate

The update command renews S/MIME certificates that are within the defined renewal period and uploads them to the Google Workspace user accounts listed in the CSV file.

java -jar smime-connector-<version>.jar update <path_to_csv_file>

The .p12 certificate file generated for the user is copied to the defined certificate location on the system, and the password listed in the CSV file is used to protect the certificate.

Renew certificates

Delete a certificate

The delete command removes S/MIME certificates from a Google Workspace user account.

  • Email address

  • Email alias

java -jar smime-connector-<version>.jar delete <[email protected]>
java -jar smime-connector-<version>.jar delete <[email protected]> <[email protected]>
Delete certificates

Encrypt an email

If you have S/MIME enabled for your Google Workspace account, it automatically encrypts your outgoing emails.

To check if a message you’re sending is encrypted:

  1. Start composing a message.

  2. Add the recipient’s email address to the To field.

  3. To the right of your recipient’s email address, you’ll see a lock icon that shows the level of encryption that is supported by the recipient. If there are multiple users with various encryption levels, the icon will show the lowest encryption level.

  4. To change your S/MIME settings or learn more about your recipient’s level of encryption, click the lock, then View details.

    Recipients with support for S/MIME encryption

Verify the digital signature

To verify that emails are properly signed with the sender’s digital signature:

  1. Send a test email to yourself or another recipient, and then open it.

  2. Click Show details. The green lock icon next to the security field means that S/MIME enhanced encryption was used to protect your sensitive data. S/MIME encrypts all outgoing messages if Gmail has the recipient’s public key. Only the recipient with the corresponding private key can decrypt this message.

    Email sender info
  3. Click Sender info. You will see the user’s email address in the Signed by field and the CA name in the Issuer field.

    Sender’s digital signature

List the existing certificates

The list command retrieves a list of the available S/MIME certificates for a Google Workspace user account.

  • Email address

  • Email alias

java -jar smime-connector-<version>.jar list <[email protected]>
java -jar smime-connector-<version>.jar list <[email protected]> <[email protected]>
List certificates