LDAP Expansion and S/MIME Advances Target Daily Certificate Challenges


Changes aim to close gaps in email authentication and streamline secure communications for enterprise teams

Certificate discovery remains a persistent challenge for secure enterprise email. Missing or mismanaged S/MIME and PGP certificates interrupt encrypted communications, introduce risk, and slow down operations across organizations.

“We know from speaking with customers that message authenticity and certificate integrity aren’t theoretical, they’re daily concerns.”
— Director of Products, Echoworx

S/MIME Security: New Tools and Controls

Echoworx has introduced a series of updates targeting common pain points for security and IT teams:

  • Signature Verification: Administrators can now select among four inbound verification criteria: Message Unaltered, Message Signed by Sender, Valid Signer Certificate, and Trusted Signer Certificate.

“With our latest signature verification enhancements, you now get visibility on four key criteria: message integrity, sender authenticity, valid certificate, and trusted certificate status.”

  • Inbound Signature Stripping: The option to automatically remove signatures from inbound messages aims to minimize internal confusion and reduce risk from untrusted senders.
  • eFail Protection: By default, the system now strips HTML from inbound decrypted S/MIME and PGP messages to address the eFail class of vulnerabilities, which rely on active HTML content in a decrypted message to leak its plaintext.
  • Expanded LDAP Search: Searches extend to third-party LDAPs without a Base DN, which simplifies management of external credentials.
  • Intermediate CA Certificate Support: Intermediate CA certificates are now stored in the user profile and included in outbound signatures when using SwissSign or DigiCert, improving compatibility and trust for recipients.

Traditional LDAP: Persistent Limitations

While LDAP remains the standard for internal certificate storage and retrieval, most implementations are limited to internal users. Integration and maintenance barriers routinely impede external certificate discovery. Common features such as Outlook’s auto-discovery often fail due to directory access or configuration issues.

Global LDAP Directory: Centralized Solution

The Echoworx Global LDAP Directory centralizes certificate publication and access in a secure, cloud-based environment. The system supports automated discovery for both S/MIME and PGP certificates, enabling real-time encryption for internal and external recipients. If a certificate isn’t found, configurable fallback policies route the message via a secure web portal to maintain confidentiality.

This approach replaces manual processes, reduces IT intervention, and provides standardized audit and compliance support.

Operational and Security Impact

For security leaders, the directory introduces several practical benefits:

  • Reduces manual management of certificates for both IT staff and end users
  • Standardizes encrypted communication across different domains
  • Lowers support ticket volume and minimizes failed encryption attempts
  • Improves audit readiness and compliance with regulatory mandates
  • Enables automated, policy-based routing depending on recipient status

Integration and Future Readiness

The directory integrates with Echoworx’s automated key management and certificate issuance platforms, including DigiCert and SwissSign. This allows enterprises to align certificate processes with broader security and compliance policies.


Outlook

Echoworx’s Global LDAP Directory and related platform updates streamline certificate discovery and encrypted messaging. For security teams managing large or distributed environments, these enhancements offer a more efficient and standardized operating model.