Adding Active Directory as a Key Server in PGP Encryption Server

Article ID: 171446


Products

  • Encryption Management Server
  • Gateway Email Encryption

Issue/Introduction

Active Directory can store S/MIME certificates for users (in the userCertificate and userSMIMECertificate attributes of the user object), and X.509 Directory keyservers are one of the keyserver types that can be added to PGP Encryption Server under Keys / Keyservers.

However, by default Active Directory answers only rootDSE queries anonymously; reading user attributes requires an authenticated LDAP bind, and the PGP Encryption Server administration console has no field for entering bind credentials on a keyserver entry. Without a valid bind Distinguished Name and password, PGP Encryption Server will be unable to look up user certificates in Active Directory.

Environment

PGP Encryption Server 10.5 and above.

Resolution

The Active Directory server needs to be added as a Keyserver with the following attributes:

  • Description: any useful description (optional). For example, dc1.
  • Type: X.509 Directory LDAPS. Import the public certificates of the Active Directory server's certificate chain (the issuing CA and the root CA, not the server certificate itself) under Keys / Trusted Keys in the administration console and trust them for SSL/TLS; otherwise the LDAPS connection fails certificate validation and no lookups are performed.
  • Hostname: the fully qualified domain name of the Active Directory server, exactly as it appears in the server certificate. For example, dc1.example.com.
  • Port: accept the default LDAPS port of 636.
  • Base DN: the base Distinguished Name of the Active Directory domain. For example, DC=example,DC=com. Only user objects below this DN are searched.
  • Trust keys from this keyserver implicitly: enable this option so that certificates returned by this keyserver are trusted without further validation. Every certificate published in the directory is then usable for encryption, so this setting relies entirely on Active Directory's own controls over who may write to users' certificate attributes.

 

Once you have added the Keyserver entry for an Active Directory server, you need to update this entry in the database with the Distinguished Name and password of an Active Directory account that has permission to read the S/MIME certificates (the userCertificate and userSMIMECertificate attributes) of other Active Directory users. These attributes are readable by ordinary authenticated domain accounts by default, so use a dedicated service account with no additional privileges rather than an administrator account; the password is stored on the PGP Encryption Server, so it should not be shared with any other use.

Please contact Broadcom Technical Support for assistance in updating the database.

Once the Distinguished Name and password for the Active Directory account have been added to the keyserver table, you can add the Keyserver to a mail rule under Mail / Mail Policy in the administration console so that the Active Directory keyserver is searched when encrypted mail needs to be sent.
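Before asking Support to store the credentials, it is worth confirming from the Active Directory side that the two things the procedure depends on actually work: that the LDAPS certificate chain can be obtained for import under Keys / Trusted Keys, and that the chosen bind account can read the S/MIME certificates of another user over LDAPS. The following PowerShell script is an added example for this article and is not part of PGP Encryption Server or of Broadcom's documentation. It is meant to be run from a domain-joined Windows host that already trusts the domain controller's CA. The hostname dc1.example.com, the base DN DC=example,DC=com, the lookup account CN=svc-pgp-lookup,OU=Service Accounts,DC=example,DC=com and the mailbox alice@example.com are assumed values; substitute your own.

```powershell
# Added pre-flight check for an Active Directory keyserver (example only; not part of the
# PGP Encryption Server product or its documentation). All names below are assumptions:
# dc1.example.com, DC=example,DC=com, the service account CN=svc-pgp-lookup,... and the
# test mailbox alice@example.com.
param(
    [string]$Server   = 'dc1.example.com',
    [int]$Port        = 636,
    [string]$BaseDN   = 'DC=example,DC=com',
    [string]$BindDN   = 'CN=svc-pgp-lookup,OU=Service Accounts,DC=example,DC=com',
    [string]$Mail     = 'alice@example.com',
    [string]$ChainDir = '.\ad-ldaps-chain'
)

Add-Type -AssemblyName System.DirectoryServices.Protocols

# 1. Retrieve the LDAPS server certificate and write its CA chain out as PEM files,
#    ready for import under Keys / Trusted Keys. The validation callback accepts anything
#    because we only want to export the chain; the Windows host is assumed to already hold
#    the CA certificates so X509Chain.Build can find them.
function Export-LdapsChain {
    param([string]$Server, [int]$Port, [string]$OutDir)
    New-Item -ItemType Directory -Force -Path $OutDir | Out-Null
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
    $tcp = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($Server)
    $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    $ssl.Dispose(); $tcp.Dispose()

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($leaf)
    $i = 0
    foreach ($el in $chain.ChainElements) {
        $c = $el.Certificate
        # The server certificate itself is not imported; only the issuing CA(s) and root are.
        if ($c.Thumbprint -eq $leaf.Thumbprint) { continue }
        $pem = "-----BEGIN CERTIFICATE-----`n" +
               [Convert]::ToBase64String($c.RawData, 'InsertLineBreaks') +
               "`n-----END CERTIFICATE-----"
        $name = $c.GetNameInfo('SimpleName', $false) -replace '[^\w.-]', '_'
        $file = Join-Path $OutDir ("{0}-{1}.pem" -f $i, $name)
        Set-Content -Path $file -Value $pem -Encoding ascii
        Write-Host "Exported CA certificate: $($c.Subject) -> $file"
        $i++
    }
}

# 2. Bind as the lookup account over LDAPS and read the target user's published
#    certificates. This is the same operation the PGP server performs once the bind DN
#    and password are in its keyserver table, so a failure here will also fail there.
function Get-UserSmimeCertificates {
    param([string]$Server, [int]$Port, [string]$BaseDN, [string]$BindDN,
          [System.Security.SecureString]$Password, [string]$Mail)
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port)
    $cred = New-Object System.Net.NetworkCredential($BindDN, $Password)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $cred, 'Basic')
    $conn.SessionOptions.SecureSocketLayer = $true
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.Bind()   # throws LdapException on bad credentials or an untrusted server certificate

    # Escape the address per RFC 4515 so a crafted value cannot alter the filter.
    $escaped = $Mail -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
    $filter  = "(&(objectClass=user)(mail=$escaped))"
    $attrs   = [string[]]@('mail', 'userCertificate', 'userSMIMECertificate')
    $req  = New-Object System.DirectoryServices.Protocols.SearchRequest($BaseDN, $filter, 'Subtree', $attrs)
    $resp = $conn.SendRequest($req)

    $found = @()
    foreach ($entry in $resp.Entries) {
        foreach ($attr in 'userCertificate', 'userSMIMECertificate') {
            if (-not $entry.Attributes.Contains($attr)) { continue }
            foreach ($raw in $entry.Attributes[$attr].GetValues([byte[]])) {
                # userCertificate holds a bare DER certificate, userSMIMECertificate a PKCS#7
                # blob; X509Certificate2Collection.Import decodes either.
                $col = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
                $col.Import($raw)
                foreach ($c in $col) {
                    $eku = $c.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
                    $secureEmail = $eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.4' })
                    $found += [pscustomobject]@{
                        Attribute   = $attr
                        Subject     = $c.Subject
                        NotAfter    = $c.NotAfter
                        Expired     = ($c.NotAfter -lt (Get-Date))
                        SecureEmail = [bool]$secureEmail   # EKU id-kp-emailProtection present
                        Thumbprint  = $c.Thumbprint
                    }
                }
            }
        }
    }
    $conn.Dispose()
    return $found
}

$password = Read-Host -AsSecureString "Password for $BindDN"
Export-LdapsChain -Server $Server -Port $Port -OutDir $ChainDir
$certs = Get-UserSmimeCertificates -Server $Server -Port $Port -BaseDN $BaseDN -BindDN $BindDN -Password $password -Mail $Mail
if (-not $certs) {
    Write-Warning "No certificate readable for $Mail as $BindDN. Check the account's read permission on userCertificate/userSMIMECertificate, or whether the user has a published certificate at all."
} else {
    $certs | Format-Table Attribute, Subject, NotAfter, Expired, SecureEmail -AutoSize
}
```

A bind failure at `$conn.Bind()` means the credentials or the server certificate will not work for the PGP server either; an empty result with a successful bind points at directory permissions or at the user simply having no published certificate. A certificate listed with SecureEmail set to False or Expired set to True will be returned by the directory but is not one a recipient's mail client can use, so check that before assuming the keyserver configuration is at fault.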