In addition to the API, you can manage S/MIME certificates and email accounts directly through the MXHero dashboard interface. This provides a user-friendly way to perform all certificate management operations without needing to write code.

Certificate Management

Uploading Certificates

The dashboard allows you to upload both types of S/MIME certificates:

P12/PKCS12 Certificates (Complete Certificates)

• Upload files with .p12 or .pkcs12 extensions
• Contain both public and private keys for complete S/MIME functionality
• Require a password during upload for security validation
• Important: The password you provide is used only to decrypt and validate the certificate during upload - it is never stored in the system
• After upload, the certificate is re-encrypted with a new internal password for secure storage
• Can be used for signing, decrypting, encrypting, and verifying emails
• Best for internal organization email accounts

PEM Certificates (Public Key Only)

• Upload files with .pem or .crt extensions
• Contain only the public key portion
• No password required during upload
• Used for encrypting emails to recipients and verifying signatures from senders
• Cannot be used for signing or decrypting emails
• Ideal for external email addresses and partners

Certificate Information

When uploading any certificate, you'll need to provide:

• Certificate Name: A friendly name to identify the certificate
• Password (P12 only): Required to decrypt and validate P12 certificates during upload (never stored)

Email Account Management

Creating Email Accounts

You can create email accounts for any email address, whether internal or external to your organization:

Internal Email Accounts

• Email addresses from your organization's domain
• Can be associated with P12 certificates for full signing and decryption capabilities
• Typically used for employees who need to sign outgoing emails

External Email Accounts

• Email addresses from partner organizations or external contacts
• Usually associated with PEM certificates (public keys only)
• Used for encrypting emails to external recipients and verifying their signatures
• Cannot be used for signing emails on behalf of your organization

Certificate Association

For each email account, you can:

• Link multiple certificates: Associate several certificates with a single email account
• Set primary certificate: Designate which certificate is actively used for signing and decryption
• Manage certificate history: Keep track of previous certificates for audit and verification purposes

The primary certificate is crucial because:

• It's used for signing all outgoing emails from that account
• It's used for decrypting incoming emails to that account
• Only certificates with private keys (P12 certificates) can be set as primary for internal accounts

Key Considerations

Security and Privacy

• Password Security: Passwords provided during P12 upload are used only for validation and are immediately discarded
• Certificate Storage: All certificates are securely encrypted and stored using internal passwords
• Access Control: Only authorized administrators can manage certificates and email accounts

Certificate Types and Usage

• P12 certificates: Provide complete S/MIME functionality (sign, decrypt, encrypt, verify)
• PEM certificates: Limited to encryption and verification operations
• Primary certificates: Must have private keys for signing and decryption capabilities

Best Practices

• Regular Updates: Keep certificates current and replace expired ones
• Certificate History: Maintain previous certificates for verifying older signed emails
• External Coordination: Coordinate with external partners to exchange public keys
• Testing: Verify certificate functionality after upload and association

Workflow Summary

1. Upload Certificates: Start by uploading P12 certificates for internal users and PEM certificates for external contacts
2. Create Email Accounts: Add email accounts for both internal users and external partners
3. Associate Certificates: Link appropriate certificates to each email account
4. Set Primary Certificates: Designate the active certificate for each internal account
5. Configure Rules: Set up email flow rules to determine when S/MIME operations are applied
6. Monitor and Maintain: Regularly check certificate status and update as needed