Cisco Cisco Email Security Appliance X1050 Guía Del Usuario
20-9
User Guide for AsyncOS 9.7 for Cisco Email Security Appliances
Chapter 20 S/MIME Security Services
Signing, Encrypting, or Signing and Encrypting Outgoing Messages using S/MIME
Setting Up Public Keys for S/MIME Encryption
You must add the public key of the recipient's S/MIME certificate to the appliance for encrypting
messages. Depending on your organizational policies and processes, you can use one of the following
methods to add the public key to the appliance:
messages. Depending on your organizational policies and processes, you can use one of the following
methods to add the public key to the appliance:
•
Request the recipient to send the public key using an electronic channel, for example, email. You
can then add the public key using the web interface or CLI.
can then add the public key using the web interface or CLI.
For instructions to add the public key, see
.
•
Enable public key harvesting using the web interface or CLI and request the recipient to send a
signed message. The Email Security appliance can harvest the public key from the signed message.
signed message. The Email Security appliance can harvest the public key from the signed message.
For instructions to harvest public key from an incoming signed message, see
Adding a Public Key for S/MIME Encryption
Before You Begin
•
Make sure that the public key meets the requirements described in
•
Make sure that the public key is in PEM format.
Procedure
Step 1
Click Mail Policies > Public Keys.
Step 2
Click Add Public Key.
Step 3
Enter the name of the public key.
Step 4
Enter the public key.
Step 5
Submit and commit your changes.
Note
Use the
smimeconfig
command to add public keys using CLI.
Harvesting Public Keys
You can configure Email Security appliance to retrieve (harvest) public key from the incoming S/MIME
signed messages and use it to send encrypted messages to the owner (business or consumer) of the
harvested key.
signed messages and use it to send encrypted messages to the owner (business or consumer) of the
harvested key.
Note
By default, public keys from expired or self-signed S/MIME certificates are not harvested.
Before You Begin
Make sure that the public key of the sender’s S/MIME certificate meets the requirements described in