Cisco Cisco Email Security Appliance C190 Guía Del Usuario
18-5
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 18 Cisco Email Encryption
Encrypting Messages using the Email Security Appliance
You can assign an encryption profile to a custom user role to allow delegated administrators assigned to
that role to use the encryption profile with their DLP policies and content filters. Only administrators,
operators, and delegated users can use encryption profiles when configuring DLP policies and content
filters. Encryption profiles that are not assigned to a custom role are available for use by all delegated
administrators with mail or DLP policy privileges. See
that role to use the encryption profile with their DLP policies and content filters. Only administrators,
operators, and delegated users can use encryption profiles when configuring DLP policies and content
filters. Encryption profiles that are not assigned to a custom role are available for use by all delegated
administrators with mail or DLP policy privileges. See
information.
Note
You can configure multiple encryption profiles for a hosted key service. If your organization has multiple
brands, this allows you to reference different logos stored on the key server for the PXE envelopes.
brands, this allows you to reference different logos stored on the key server for the PXE envelopes.
An encryption profile stores the following settings:
•
Key server settings. Specify a key server and information for connecting to that key server.
•
Envelope settings. Specify details about the message envelope, such as the level of security,
whether to return read receipts, the length of time a message is queued for encryption before it times
out, the type of encryption algorithm to use, and whether to enable a decryption applet to run on the
browser.
whether to return read receipts, the length of time a message is queued for encryption before it times
out, the type of encryption algorithm to use, and whether to enable a decryption applet to run on the
browser.
•
Message settings. Specify details about messages, such as whether to enable secure message
forwarding and secure Reply All.
forwarding and secure Reply All.
•
Notification settings. Specify the notification template to use for text and HTML notifications, as
well as encryption failure notifications. You create the templates in text resources and select the
templates when creating the encryption profile. You can also localize envelopes and specify a
message subject for encryption failure notifications. For more information about notifications, see
well as encryption failure notifications. You create the templates in text resources and select the
templates when creating the encryption profile. You can also localize envelopes and specify a
message subject for encryption failure notifications. For more information about notifications, see
and
.
Procedure
Step 1
In the Email Encryption Profiles section, click Add Encryption Profile.
Step 2
Enter a name for the Encryption Profile.
Step 3
Click the Used By (Roles) link, select the custom user role you want to have access to the encryption
profile, and click OK.
profile, and click OK.
Delegated administrators assigned to this custom role can use the encryption profile for any DLP policies
and content filters for which they are responsible.
and content filters for which they are responsible.
Step 4
In the Key Server Settings section, select from the following key servers:
•
Cisco Encryption appliance (in network)
•
Cisco Registered Envelope Service (hosted key service)
Step 5
If you select the Cisco Encryption appliance (local key service), enter the following settings:
•
Internal URL. This URL is used by the Cisco Email Security appliance to contact the in-network
Cisco Encryption appliance.
Cisco Encryption appliance.
•
External URL. This URL is used when the recipient’s message accesses keys and other services on
the Cisco Encryption appliance. The recipient uses this URL to make inbound HTTP or HTTPS
requests.
the Cisco Encryption appliance. The recipient uses this URL to make inbound HTTP or HTTPS
requests.
Step 6
If you select the Cisco Registered Envelope Service, enter the URL for the hosted key service. The key
service URL is
service URL is
https://res.cisco.com
.