Technical Requirements
Last updated on
This page explains the technical requirements of Client-Side Encryption (CSE) so that it can be used in your company.
Technical requirements
Section titled “Technical requirements”Client-Side Encryption uses Let’s Encrypt to create a TLS certificate. TLS 1.2 and 1.3 are supported. The full certificate chain is sent to
you (*.stackit.run, R13, ISRG Root X1).
The following ports must be open for the CSE instance to work:
- Port
443(KACLS endpoint over HTTPS) - Port
80(Let’s Encrypt certificate check via CRL/OCSP)
If you want to use S/MIME encryption with CSE, you need an SCIM-compatible identity provider (IdP), such as Microsoft Entra, Okta, or Authentik.
Consult also the Google Workspace setup page for more general technical details.