G DATA 365 | Mail Protection

Assign a certificate to G DATA 365 | Mail Protection

To secure the communication between G DATA 365 | Mail Protection and Microsoft Exchange Online, we recommend using a certificate. This requires a certificate with a PublicKey and a PrivateKey.

The file with the PublicKey is stored in your Microsoft Entra Admin Portal for G DATA 365 | Mail Protection; the PrivateKey is stored in your G DATA Web-Portal.

Creating a self-signed certificate with PowerShell under Windows

1.

Open PowerShell on your local computer with administrator permissions.
Leave PowerShell open for the entire procedure!

2.

Use cd to change to the directory C:\ and enter the following commands:

$certname = "MailProtection"
$cert = New-SelfSignedCertificate -Subject "CN=$certname" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256

We have given the certificate the name MailProtection. You can change this name, as it can be freely assigned.

Do not merge the two commands into one line. "$cert…" must start on a new line, otherwise problems will occur.

3.

Use the following command to export the PublicKey to a location from which you can later upload the files:

Export-Certificate -Cert $cert -FilePath "C:\x-company-Zertifikate\$certname.cer"

In our example, we save the PublicKey in the directory C:\x-company-Zertifikate. You can choose the path freely.

4.

Assign a password for the PrivateKey with the following command:

$mypwd = ConvertTo-SecureString -String "MSEMail123" -Force -AsPlainText

In our example, we have assigned the password MSEMail123. You absolutely need to enter your own password here!

5.

Use the following command to export the PrivateKey to a location from which you can later upload the files:

Export-PfxCertificate -Cert $cert -FilePath "C:\x-company-Zertifikate\$certname.pfx" -Password $mypwd

In our example, we save the PrivateKey in the directory C:\x-company-Zertifikate. You can choose the path freely.

6.

Now use these commands to delete the two certificates from your computer’s personal certificate store. The certificate is not required here.

Read out the ID (thumbprint) of the certificate in the store:

Get-ChildItem -Path "Cert:\CurrentUser\My" | Where-Object {$_.Subject -Match "MailProtection"} | Select-Object Thumbprint, FriendlyName

If you have given the certificate a different name instead of MailProtection, use that name in this command.
This command should only return 2 results. If you see more, there are additional certificates in your personal store. In this case, it is better to delete the certificates via the Microsoft Management Console (mmc).

Delete the certificate using the ID:

Remove-Item -Path Cert:\CurrentUser\My\{pasteTheCertificateThumbprintHere} -DeleteKey

Replace "{pasteTheCertificateThumbprintHere}" with the ID that was displayed with the previous command.
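
Steps 2 to 6 can also be run as one script that prompts for the password instead of typing it into the command, and deletes the certificate by the thumbprint of $cert instead of a pasted value. This is an added example, not G DATA's own script; the variable $outDir, the Read-Host prompt and the thumbprint comparison are assumptions added here, while the name and path are the page's example values.

```powershell
# Added example: steps 2-6 in one pass. Name and path are the page's example
# values; $outDir, the prompt and the verification step are additions.
$ErrorActionPreference = 'Stop'
$certname = "MailProtection"
$outDir   = "C:\x-company-Zertifikate"

# Export-Certificate does not create missing directories.
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$cert = New-SelfSignedCertificate -Subject "CN=$certname" `
    -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable `
    -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256

# Prompt for the password so it does not end up in the command history.
$mypwd = Read-Host -Prompt "Password for the PrivateKey (.pfx)" -AsSecureString

$cerPath = Join-Path $outDir "$certname.cer"
$pfxPath = Join-Path $outDir "$certname.pfx"
Export-Certificate    -Cert $cert -FilePath $cerPath | Out-Null
Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $mypwd | Out-Null

# Check that both exported files contain the certificate created above.
$cerThumb = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($cerPath).Thumbprint
$pfxThumb = (Get-PfxData -FilePath $pfxPath -Password $mypwd).EndEntityCertificates[0].Thumbprint
if ($cerThumb -ne $cert.Thumbprint -or $pfxThumb -ne $cert.Thumbprint) {
    throw "Exported files do not match the generated certificate."
}

# Remove exactly this certificate and its key from Cert:\CurrentUser\My.
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey

"Thumbprint:      $($cert.Thumbprint)"
"PublicKey file:  $cerPath"
"PrivateKey file: $pfxPath"
```

Run the listing command from step 6 afterwards to confirm which entries remain in the store. The .pfx file contains the PrivateKey, so keep it only as long as it is needed for the upload to the G DATA Web-Portal.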

Upload certificate for the G DATA 365 | Mail Protection in the Microsoft Entra Admin Portal

1.

2.

Under Applications→App registrations→G DATA Mail Protection, click on Add a certificate or secret.

3.

Click on Certificates and then on Upload certificate.

4.

Upload the certificate you created from the location where you saved it when you created it.

5.

Enter a short description and click Add.