S/MIME Gateway Certs

An off-topic question regarding S/MIME Gateway certs, where I have two different statements and I cannot tell which one is true or wrong. One consultant says that S/MIME Gateway Certs will allow a company to sign all emails from their employees per domain, a kind of wildcard *@domain.com. The next one says no, this doesn’t work and I need a sole cert for each employee. But when asking him what purpose S/MIME Gateway certs are used for, he declines to answer and becomes quiet.

So maybe anybody could give me information on this topic? Can I sign emails from multiple employees from the same domain, e.g. john@domain.com and mary@domain.com, with an S/MIME Gateway Cert or do I need to manage multiple certs on a per-user basis? How do big companies with 1000+ employees manage this?

Gateway Certificates are used on E-Mail Gateways. The gateway does the de- & encryption. The workstation / email client gets and sends “normal” emails. Gateway certificates are used for complete domains. You don’t need individual certificates for each address.

Yes that’s what one says… I am stuck between two opposite statements. Do you have a working solution or do you know somebody with an S/MIME Gateway up and running?

