Cisco Cisco Email Security Appliance C160 Guía Del Usuario
17-5
Cisco AsyncOS 8.5 for Email User Guide
Chapter 17 Cisco Email Encryption
Encrypting Messages using the Email Security Appliance
•
Message settings. Specify details about messages, such as whether to enable secure message
forwarding and secure Reply All.
forwarding and secure Reply All.
•
Notification settings. Specify the notification template to use for text and HTML notifications, as
well as encryption failure notifications. You create the templates in text resources and select the
templates when creating the encryption profile. You can also localize envelopes and specify a
message subject for encryption failure notifications. For more information about notifications, see
well as encryption failure notifications. You create the templates in text resources and select the
templates when creating the encryption profile. You can also localize envelopes and specify a
message subject for encryption failure notifications. For more information about notifications, see
and
.
Procedure
Step 1
In the Email Encryption Profiles section, click Add Encryption Profile.
Step 2
Enter a name for the Encryption Profile.
Step 3
Click the Used By (Roles) link, select the custom user role you want to have access to the encryption
profile, and click OK.
profile, and click OK.
Delegated administrators assigned to this custom role can use the encryption profile for any DLP policies
and content filters for which they are responsible.
and content filters for which they are responsible.
Step 4
In the Key Server Settings section, select from the following key servers:
•
Cisco Encryption appliance (in network)
•
Cisco Registered Envelope Service (hosted key service)
Step 5
If you select the Cisco Encryption appliance (local key service), enter the following settings:
•
Internal URL. This URL is used by the Cisco Email Security appliance to contact the in-network
Cisco Encryption appliance.
Cisco Encryption appliance.
•
External URL. This URL is used when the recipient’s message accesses keys and other services on
the Cisco Encryption appliance. The recipient uses this URL to make inbound HTTP or HTTPS
requests.
the Cisco Encryption appliance. The recipient uses this URL to make inbound HTTP or HTTPS
requests.
Step 6
If you select the Cisco Registered Envelope Service, enter the URL for the hosted key service. The key
service URL is
service URL is
https://res.cisco.com
.
Step 7
Click Advanced under Key Server Settings to specify whether to use HTTP or HTTPS for transfering
the envelope’s encrypted payload when the recipient opens the envelope. Choose from one of the
following:
the envelope’s encrypted payload when the recipient opens the envelope. Choose from one of the
following:
•
Use the Key Service with HTTP. Transfers the encrpyted payload from the key service using HTTP
when the recipient opens the envelope. If you are using Cisco Registered Envelope Service, this is
the URL you specified in
when the recipient opens the envelope. If you are using Cisco Registered Envelope Service, this is
the URL you specified in
. If you are using the Cisco Encryption appliance, this is the external
URL you specified in
Since the payload is already encrypted, transporting it over HTTP is safe and faster than sending
over HTTPS. This provides better performance than sending image requests over HTTPS.
over HTTPS. This provides better performance than sending image requests over HTTPS.
•
Use the Key Service with HTTPS. Transfers the encrpyted payload from the key service using
HTTPS when the recipient opens the envelope. If you are using Cisco Registered Envelope Service,
this is the URL you specified in
HTTPS when the recipient opens the envelope. If you are using Cisco Registered Envelope Service,
this is the URL you specified in
. If you are using the Cisco Encryption appliance, this is the
external URL you specified in
.
•
Specify a separate URL for payload transport. If you don’t want to use the key server for your
encrypted payload, you can use another URL and specify whether to use HTTP or HTTPS for the
payload transfer.
encrypted payload, you can use another URL and specify whether to use HTTP or HTTPS for the
payload transfer.
Step 8
In the Envelope Settings section, select the level of message security: