Auto Import
Automatic S/MIME certificate import from signed emails, LDAP and Entra ID.
Automatic Certificate Import
Conbool can automatically detect and retrieve public S/MIME certificates to enable encryption of incoming and outgoing messages without manual management.
This function combines import from signed messages with optional queries from connected directory services such as LDAP or Microsoft Entra ID.
Automatic Import from Incoming Messages
- When a signed email arrives via the gateway, Conbool automatically verifies the digital signature.
- The included sender certificate is extracted and verified.
- If no certificate for this address exists in the store, it is automatically saved in the "Public Certificates" section.
- All imports are logged in the tracing (source, fingerprint, validity).
Activate this feature as described in the incoming routes section.
Retrieval from LDAP or Entra ID
When an active route searches for S/MIME certificates and an LDAP or Entra ID integration is configured, Conbool can directly retrieve certificates stored there.
- The certificate is temporarily used at runtime to encrypt the message.
- It is not permanently stored in the Conbool store, but only held in memory.
- After delivery is complete, the entry is discarded.
- A corresponding note appears in the tracing, including source and fingerprint.
This allows certificates from central corporate directories to be used securely without replicating them in Conbool.
Advantages
- Fully automatic use of external certificates
- No duplicate maintenance of certificates between AD/Entra and Conbool
- Always current keys — directly from the signature or from directory services
- Ideal for hybrid environments with existing S/MIME infrastructures
Notes
- Automatic import can be activated on a tenant or routing basis.
- LDAP/Entra certificates are not exported or displayed, but only used transiently.
- For outgoing encryption, the local store is searched first, then LDAP/Entra ID.
- Signature and validity verification is performed regardless of the storage location.
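The lookup order and transient directory handling described above can be modelled as follows. This is an added sketch, not Conbool's code: the `Cert` class, `resolve_cert`, the trace field names, the SHA-256 fingerprint and the fall-through on an invalid hit are all assumptions, and the certificates are constructed placeholder bytes.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Cert:
    address: str
    der: bytes  # constructed placeholder bytes standing in for DER data
    not_before: datetime
    not_after: datetime

    def fingerprint(self) -> str:
        # SHA-256 over the encoded certificate (hash choice is an assumption)
        return hashlib.sha256(self.der).hexdigest()

    def valid_at(self, now: datetime) -> bool:
        return self.not_before <= now <= self.not_after


def resolve_cert(address, local_store, directory, now, trace):
    """Return (cert, source) for outgoing encryption, or (None, None)."""
    key = address.lower()
    # Documented order: local store first, then LDAP/Entra ID.
    for source, lookup in (("local-store", local_store.get),
                           ("directory", directory.get)):
        cert = lookup(key)
        if cert is None:
            continue
        ok = cert.valid_at(now)  # validity is checked whatever the source
        trace.append({"address": key, "source": source,
                      "fingerprint": cert.fingerprint(), "valid": ok})
        if ok:
            # A directory hit is only returned to the caller; nothing is
            # written to local_store, so it stays transient.
            return cert, source
        # Assumption of this sketch: an invalid hit falls through.
    return None, None


def _utc(year):
    return datetime(year, 1, 1, tzinfo=timezone.utc)


# Constructed sample data: an expired local entry and two directory entries.
NOW = _utc(2025)
LOCAL = {"alice@example.com": Cert("alice@example.com", b"alice-old", _utc(2020), _utc(2023))}
DIRECTORY = {
    "alice@example.com": Cert("alice@example.com", b"alice-new", _utc(2024), _utc(2027)),
    "bob@example.com": Cert("bob@example.com", b"bob", _utc(2024), _utc(2027)),
}
```

Comparing the `source` and `fingerprint` fields of such trace entries against the directory's current certificate is a quick way to spot a stale local entry that would otherwise shadow a renewed key.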