Cisco Email Security Appliance X1070 White Paper

© 2016 Cisco and/or its affiliates. All rights reserved.
3. Review the certificate and click Submit in order to commit your changes.
Associate a PEM Certificate
You must now add your PEM-formatted certificate to the S/MIME Public Keys. Complete these steps in order to add the PEM-formatted certificate:
1. Navigate to Mail Policies > S/MIME Public Keys > Add Public Key....
2. Enter the name, as required.
3. Open the PEM (.crt) formatted certificate in an appropriate text editor (such as Notepad++ or Atom).
4. Copy the content from -----BEGIN CERTIFICATE----- through -----END CERTIFICATE-----.
5. Paste this content into the S/MIME Public Key section and click Submit.
6. Commit all changes. At this point your S/MIME Public Key is now set for your Cisco Email Security solution.
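An added example, not part of the Cisco guide: a Python check for steps 3 to 5 that pulls the single CERTIFICATE block out of a .crt file's text, so that a private key or export attributes stored in the same file are not pasted into the S/MIME Public Key field. The function name, the exactly-one-certificate rule and the sample bytes are assumptions made for this illustration.

```python
import base64
import hashlib
import re

# One PEM block of any type: captures the label and the base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def extract_public_cert(text):
    """Return (pem, sha256_hex) for the single CERTIFICATE block in text.

    Raises ValueError if there is no certificate block, more than one
    (assumed rule: one public key entry holds one certificate), or the
    body is not base64-encoded DER.
    """
    certs = [body for label, body in PEM_BLOCK.findall(text)
             if label == "CERTIFICATE"]
    if len(certs) != 1:
        raise ValueError(f"expected 1 CERTIFICATE block, found {len(certs)}")
    try:
        der = base64.b64decode("".join(certs[0].split()), validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid base64") from exc
    # An X.509 certificate is a DER SEQUENCE, so the first byte is 0x30.
    if not der.startswith(b"\x30"):
        raise ValueError("decoded body does not start with a DER SEQUENCE")
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    pem = "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                     "-----END CERTIFICATE-----"]) + "\n"
    return pem, hashlib.sha256(der).hexdigest()


# Constructed sample: a DER SEQUENCE of two INTEGERs standing in for a real
# certificate, in a file that also carries export attributes and a key block.
SAMPLE_DER = b"\x30\x06\x02\x01\x01\x02\x01\x01"
SAMPLE_FILE = (
    "Bag Attributes\n    friendlyName: constructed-example\n"
    "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE_DER).decode("ascii")
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    pem, fingerprint = extract_public_cert(SAMPLE_FILE)
    print(pem, end="")
    print("SHA-256:", fingerprint)
```

The returned SHA-256 value is the hash of the DER bytes, so it can be compared with the fingerprint the certificate's owner publishes before the key is submitted.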
S/MIME Verification and Decryption Flowcharts
[Flowchart not reproduced: S/MIME Incoming Operation. Recoverable box labels: S/MIME email received; Looking for an S/MIME Gateway-To-Gateway Verification Profile; Found?; S/MIME Gateway Decryption; Encrypted?; Looking for an S/MIME gateway PKCS12 certificate to decrypt; Is the S/MIME gateway PKCS12 certificate found?; Decrypting; Check Triple Mode; S/MIME Gateway Verification; Signed; Signature Verification; Verifying; Successfully?; Remove S/MIME signature; Mark the message as S/MIME Gateway processed; Next Processing Step.]
Certificate Harvesting
• For easier certificate management, Cisco Email Security will harvest any X.509 certificates from S/MIME gateway-to-gateway messages
• Self-signed certificates are ignored as they are considered personal
• Harvested keys DB size is 512 MB (~300K records)
  - Warning sent when DB is full
  - No DB manipulation is exposed to end user at the moment
S/MIME Verification and Public Key Harvesting features – Mail Flow Policies
Cisco Email Security How-To Guide
How-To Secure Communications
Cisco Public