ManualsPro SIEMENS SIEMENS E-Mail Encryption with Business Partners User Guide

SIEMENS E-Mail Encryption with Business Partners User Guide

June 9, 2024
SIEMENS

siemens logo **E-Mail Encryption with Business Partners
User Guide
** E-mail encryption with business partners
(Guideline for business partners)

Intention of the document:

This guideline is written for Siemens business partners who need to communicate with their partners at Siemens via encrypted emails. It describes the system requirements  and the necessary configurations (Outlook and Windows) to enable a secure communication (signed and/or encrypted emails). It shows especially the possibilities for key  exchange. Please contact your Siemens partner if you have any problems.

Prerequisites on business partner side

2.1 Certificates:
The business partner needs certificates to send encrypted e-mails.
There are different standards for certificates. X.509(S/MIME) is supported by Microsoft Outlook and many other programs, therefore this standard should be used for  secure communication. Because of this reason all Siemens employees are equipped with their own X.509 certificates. PGP is only supported as a sideline and is available for  Siemens employees only on demand.
If your organization has its own trust center or your company is using a public trust center it should be used to obtain certificates. A few known public trust centers which are already listed in the Siemens IT infrastructure are:

2.2 Prerequisites for Software:
To encrypt with X.509 certificates your e-mail program has to support this standard. Also it has to evaluate the “key usage” field in the certificate. Outlook (since version  2003) already contains an encryption functionality which is compatible to the Siemens PKI and can be used without any further installation.
The following user guideline describes which steps have to be taken before a business partner and a Siemens employee can exchange encrypted and signed emails on the example of Outlook 2003. Therefore it is necessary that the business partner has installed his certificates in his e-mail program.

Possibilities for certificate exchange

Depending on the number of communication partners, different possibilities for certificate exchange are useful.
These alternatives can be applied:

  • Basically the usage of the Siemens external repository is recommended. This is a directory service for PKI keys in the Internet. It enables secure communication with every  Siemens employee. This repository contains the latest certificates of Siemens employees. After setting up of the repository, no separate key exchange is needed any more. But  it must be possible to send LDAP request over the internet. Otherwise this option is not possible. Please contact your network administrator in case of problems with LDAP-requests.
  • If the usage of the Siemens external repository is not possible or the business partner does not have a repository on the Internet, certificates must exchanged manually.

Guideline for business partners:

„Outlook Native encryption“

4.1 Transfer of own certificates to the Siemens partner
This paragraph describes how a business partner can transfer his own certificates to a Siemens employee.
Check out if the Siemens employee is able to send you an encrypted e-mail. If this is possible, no other actions have to be taken because a direct access to the directory service of your organization is possible.
If this is not the case, please send a signed e-mail to your Siemens partner. Please check the following settings so that he can access your certificates from your e-mail:

  • Open Outlook and the menu Tools Options, in the tab security click below “encrypted emails” on “Settings…”
    (Since Outlook 2007: Tools Trust Center in the Section „E-mail Security”)
    Activate in the following window “Change Security Settings” (Since Outlook 2007: on “Settings…”) the option “send these certificates with signed messages”

  • Close all  windows with “OK”

  • Send a signed e-mail to your Siemens partner. In such an e-mail all your certificates which are necessary for a secure communication are added automatically.

4.2 Transfer of Siemens certificates to a business partner
4.2.1 Usage of the Siemens external repository or http directory service of Siemens or the European Bridge-CA
4.2.1.1 Siemens Root Signing
Root signing certificates are certificates that you can use to sign other certificates that are linked up to a trusted root certificate. Since Siemens has its own Certification Authority the certificates of a Siemens employee are usually valid at the business partner.
4.2.1.2 Integration of the Siemens External Repository
The usage of the Siemens External Repository is generally recommended. It is possible to access all certificates of Siemens employees from the Internet.
Once the External Repository is installed, no further key exchanges are necessary. Make sure that the integration of the repository is not blocked by your Firewall policies.

Follow these instructions for the integration:SIEMENS E Mail Encryption with Business Partners - app1

  • Open the Outlook menu Tools
    E-mail Accounts.
    (Since Outlook 2007: Tools Account Settings in the tab “Address Books”)

  • Choose the Radio-Button “Add a new directory or address book” (Since Outlook 2007: On “New…”)

This wizard will allow you to change the e-mail accounts and directories that Outlook uses.

  • Choose “Internet Directory Service (LDAP)”.SIEMENS E Mail Encryption with Business Partners - Service
  • The Server name is: “cl.siemens.com“. Click on More Settings.SIEMENS E Mail Encryption with Business Partners - More Settings
  • Change to the tab “Search” and enter the Search base: “o=Trust center”.
  • Continue with OK.
  • Click in the previous Window Finish.
  • Note: It is necessary to restart Outlook to use the directory service.SIEMENS E Mail Encryption with Business Partners - directory service
  • At the end it is necessary that the directory services are in the right order in the address Book. Please open your address book
  • Click on “tools” and then on “Options”
  • Make sure that the directories are in the right order.SIEMENS E Mail Encryption with Business Partners - directory service1

4.2.1.3 HTTP Directory or European Bridge CA
 Siemens is providing a HTTP Directory service where Certificates of all Siemens employees can be downloaded via the following link: http://cl.siemens.com
Above that is Siemens a member of the European Bridge-CA. That is why you can get all certificates of all Siemens employees via the HTTP-Directory Service of the  European Bridge-CA, too. This HTTP-Directory Service can be found here: https://www.ebca.de/en/tools/finding-certificates/
To find a certificate, just enter the email address of the employee and save all offered certificates to your hard drive. If the saved certificates are .cart-Files you must change it into .cero-Files because the other files are not supported.
In order for Outlook to use these downloaded certificates, you need to add them to an Outlook contact. Follow these instructions to add a certificate to a contact:

  • Open your Outlook contacts and the contact of the Siemens employee you want to communicate with securely.SIEMENS E Mail Encryption with Business Partners - Outlook
  • Choose the tab “Certificates” and click on Import.
  • Choose the directory in which you saved the downloaded certificates and mark them for import.
  • Leave the contact via Save and Close.
  • Redo this for all Siemens employees you want to communicate with securely.

4.2.2 Manual certificate exchange via signed e-mail
If you cannot use the European Bridge-CA, p

lease ask your communication partner at Siemens to send you a signed e-mail.
After you have received the signed e-mail you should be able to communicate securely with the Siemens employee. Normally there are no further actions necessary. If there appears a “Digital Signature: Invalid” reference, please follow the instruction below.
Follow these instructions if you have received a signed e-mail with a “Digital Signature: Invalid” reference:

  • This window opens if you receive a signed email, whose Root-CA Certificate was not yet imported. ****
  • To import the CA-Certificates that come with the signed email, click on Trust afterwards a “Security Warning” appears, that asks you to verify the fingerprint of the certificate.SIEMENS E Mail Encryption with Business Partners - Certificates
  • Click on YES to import this certificate into your Windows Certificate Store.
  • Click with your right mouse-button on the Sender’s email address.
  • Choose the menu option Add to Contacts. Hereupon the contact window with the user’s details opens. Open the “certificate” tab and check if the certificates were imported.
  • Leave the contact via Save and Close.
  • Repeat this for all the business partners you want to communicate with securely.

Note: The signatures of the business partners will only be displayed as valid after opening the e-mail again.

Final settings for first usage in Outlook

To use e-mail encryption now the right certificate and the suitable encryption mode has to be chosen. Please consider that you can ignore this chapter if you have already installed and used e-mail encryption before on your system.

Please follow these steps:

  • Start Outlook
  • On Tools Options on the tab „Security“ you can find information to send encrypted e-mails. Click on  “Settings”, located next to “My S/MIME Settings”SIEMENS E Mail Encryption with Business Partners - Start Outlook
  • Choose the suggested certificate right next to „Signing Certificate“. Then choose a encryption algorithm. Siemens demands “3DES” here. Close everything with „OK“. If “3DES” is not available, it could happen that a weaker encryption method will be used. In this case the email cannot be read by Siemens employees. To solve this problem, please contact your Siemens partner and refer to the corresponding manual for Siemens employees.SIEMENS E Mail Encryption with Business Partners - More Settings1
  • Close Outlook and restart it to assume the changes.

siemens logoCorporate Information Technology
Date: 2013-07-15
Document type: user description
Version: 3.2
Author: Editorial team PKI
cio.siemens.com
E-mail encryption with business partners
Date 2013-07-15
©Siemens AG 2013
Author CIT G ISEC

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

SIEMENS User Manuals

SIEMENS QFA3150 Humidity and Temperature Sensor Instruction Manual
SIEMENS
SIEMENS SITOP PSU200M Instructions
SIEMENS
SIEMENS 400A and 600A Panel Board Switches Instruction Manual
SIEMENS
SIEMENS VNT Virtual Network Tunnel Instruction Manual
SIEMENS
SIEMENS 11061519 Remote Scan Control User Manual
SIEMENS
SIEMENS BI710E1B1 Accessory Drawer User Manual
SIEMENS
SIEMENS PXC7 Automation Stations Instruction Manual
SIEMENS
SIEMENS PXC5.E003 System Controller Instruction Manual
SIEMENS
SIEMENS 599-10071 Weather Shield Adaptive HVAC Supplies Instruction Manual
SIEMENS
SIEMENS A-Series Industrial Electric Actuator Instructions
SIEMENS
SIEMENS QBE3190UD25 Wet Differential Pressure Sensor Instruction Manual
SIEMENS
SIEMENS 536-811 Bracket Mounted Duct Temperature Sensor Instruction Manual
SIEMENS
SIEMENS EX675LYV1E Induction Hob Installation Guide
SIEMENS
SIEMENS TP505R01 Fully Automatic Coffee Machine User Manual
SIEMENS
SIEMENS ET675FNP1E Ceran Hob Instruction Manual
SIEMENS
SIEMENS TC 863 Series Filter Coffee Machine User Manual
SIEMENS
SIEMENS KG76NAIF0N Bottom Freezer Refrigerator Installation Guide
SIEMENS
SIEMENS PXC4.E16 Automation Stations Instruction Manual
SIEMENS
SIEMENS UP 251 Wall Motion Sensor Instruction Manual
SIEMENS
SIEMENS EX975LXC1E Induction Hob Instruction Manual
SIEMENS

Related Manuals

HARVEST TEC 600BBHD Moisture Sensor Kit Installation Guide
HARVEST TEC
LG SP9YA WiFi Sound Bar User Manual
LG
Tronsmart 2AV3Z-Q20 Bluetooth Headset User Manual
Tronsmart
JEGS 86004 Gas Powered Portable Generator User Guide
JEGS
NXP 8MPNAVQ-8G-G NavQPlus Mobile Robotics Companion Computer User Guide
NXP
ZEPHYR PRW24F01CG Dual Zone Full Size Wine Cooler Installation Guide
ZEPHYR
Freedom WON eTower Lithium Iron Phosphate Battery Modules Installation Guide
freedom WON
Shenzhen Dinghe Communication BH450 802.11ac Dual Band Wi-Fi Router Instructions
Shenzhen Dinghe Communication
Wuxi Ghostyu Electronics BLE520-A High-Performance Bluetooth Module User Manual
Wuxi Ghostyu Electronics
abicart Hakko HK-100L Linear Air Pump Instruction Manual
abicart
kramer EXT3-U-R USB 2.0 Extender Kit over Extended Reach User Guide
Kramer
DMXking eDMX1 PRO Ethernet DMX Adapter User Manual
DMXking
HOBBYWING Multi-Rotor Brushless Electronic Speed Controller User Manual
HOBBYWING
BOSCH HIB82651UC 42 Wide Island Hood Instruction Manual
Bosch
DELL Precision 7670 Mobile Workstation User Guide
Dell
tukzer TZ-ML-02 Monitor Screen Light Bar with Smart Touch Sensor User Manual
tukzer
AEG TR73CB96 Tumble Dryer User Manual
AEG
wipro Smart Light LED Bulb User Guide
Wipro
NOMAD GOODS NM01581785 Base Qi2 Charger Instruction Manual
Nomad Goods
Mandis Nevir012 Replacement Remote Control Instructions
Mandis
microsonic hps Plus Ultrasonic Sensors User Manual
microsonic
AIGOSTAR A3 Smart Ultrathin Ceiling Light Instruction Manual
aigostar
LAVA nLTS 3U Micro USB Tablets Installation Guide
LAVA
rugged radios GMR2-PLUS Overland and Jeep Radio Communications User Manual
rugged radios
KINGFISHER Green Star Products User Guide
KingFisher
FS S5900-24S4T2Q Transceivers DACs Supported Switch Instruction Manual
FS
MIDAS DP48 Dual 48 Channel Personal Monitor Mixer with SD Card Recorder User Guide
MIDAS
FMS BMGZ061 Robust Measuring Rollers Instruction Manual
Fms
visionLINE Default 6 Inch Flue Kit with Mesh and Solid Decorative Flue Instruction Manual
VisionLine
UNASTUD KM005 Wireless Keyboard and Mouse Combo Instruction Manual
UNASTUD
Contact Us   Privacy Policy   6.395ms