SafeGuard LAN Crypt v 3.71 and above.
Which certificates can be used and where do they come from?
SafeGuard LAN Crypt uses certificates and public/private key pairs to secure encryption information stored in the encryption policy files. Only the owner of the certificates is able to access the private key belonging to the certificate and is therefore able to use it for accessing the encryption information.
- A company either has its own Public Key Infrastructure (PKI) or uses a Trust Center to create certificates for the users. In this case, existing certificates can be used.
- Optionally, the SafeGuard LAN Crypt Administration component can generate self-signed certificates. These self-signed certificates can only be used by SafeGuard LAN Crypt. These are simple certificates (comparable to Class-1 certificates) which comply with the X.509 standard.
The certificates are assigned to the users within the SafeGuard Administration component. Note:
It is not possible to use the Microsoft Standard CSP (Microsoft Base CSP)
In SafeGuard LAN Crypt you can specify whether any errors found when checking user certificates are to be ignored.
This procedure is useful if the validity period of a certificate has expired and no new certificate is yet available. To ensure that a user can continue to access their encryption profile, the period of validity check can be ignored until a new certificate is issued. As a result, the same certificate, which has actually expired, can still be used. Once a new certificate is available, you can cancel Ignore during Certificate Verification again. Note:
Ignoring errors that occur during certificate checks always means a reduction in security. To ensure that this setting is not misused when you make server settings, this node is also displayed in Server Settings.