Automating the Provision of Trust Certificates Using Clearswift’s Trust Manager

Email is still the preferred method of business collaboration. With the growth of sensitive content being shared legitimately between organizations, and the pressure to ensure data is sent securely, the use of email encryption is almost essential. Multiple analysts show the email encryption market growing at a 20+% CAGR from 2018-2025.

Encryption Options

There is a wide range of methods to secure data in transit, ranging from basic TLS to password-protected documents using a secure staging server or using digital certificates. Different methods exist to address different use cases. For example, delivering a monthly utility bill to a domestic user is best served with a secure email portal, whereas frequent communications between parties sharing confidential information are best served using digital certificates.

Whilst there are additional costs to use email encryption, it is money well spent to protect the organization and its information, and to avoid the costs associated with a data breach.

Benefits of email encryption

  • Prevents content tampering
  • Sensitive data is preserved
  • Content remains unaltered
  • Ensures message privacy
  • Assures email is sent from a certified user

Key Considerations

Historically, digital certificates have not become ubiquitous because of the manual process of acquiring and issuing them. While manual management is possible, it creates overhead for an already busy IT department, because certificates must also be renewed on a regular basis or they expire, resulting in insecure or delayed communications. The solution is to automate all of these tasks. The only prerequisite is then a source of unassigned certificates: these can be generated locally if a Public Key Infrastructure (PKI) is deployed, purchased via a website, or obtained from a Managed PKI (MPKI) service that can integrate into the existing environment.

Benefits of automated certificate provisioning

  • Reduced administration overhead
  • Bulk provisioning
  • Uses LDAP attributes to populate certificate fields
  • Only use what is needed

The Clearswift Trust Center Solution

The Clearswift Trust Center component extends the ability of the Clearswift Secure Email Gateway to connect to MPKI providers to provide the key issuance and renewals in an automated fashion.

To use MPKI automation, a corporate user account must be set up and, typically, certificates pre-purchased in bulk. When first deployed, the solution can automatically provision multiple users based on Active Directory or an LDAP service, and those with existing certificates are automatically included in the system:

1. the Gateway will detect new users who require a digital certificate,

2. then automatically provision them through the MPKI service, drawing down from the bulk purchased certificates

3. to be used automatically for signing and encryption purposes.

Clearswift Secure Email Gateway detects and provisions new users through the MPKI service.


Once provisioned, the certificate will be replicated across peered Gateway certificate stores to ensure availability.

Certificate expiry dates are constantly monitored and, when a certificate is close to expiration, the Gateway automatically provisions a replacement, ensuring that users do not lose the ability to send secure email.


Product Summary


  • Clearswift Secure Email Gateway


Clearswift provides 24/7 global support as standard, with additional options for premium support.