Cisco Email Security Appliance X1070 User Guide
Cisco AsyncOS 9.1 for Email User Guide
Chapter 19 S/MIME Security Services
Signing, Encrypting, or Signing and Encrypting Outgoing Messages using S/MIME
Procedure
Step 1 Click Mail Policies > Mail Flow Policies.
Step 2 Create a new Mail Flow Policy or modify an existing one. See
Step 3 Scroll down to the Security Features section.
Step 4 Under S/MIME Public Key Harvesting, do the following:
• Enable S/MIME public key harvesting.
• (Optional) Choose whether to harvest public keys if the verification of the incoming signed messages fails.
• (Optional) Choose whether to harvest updated public keys.
Note If an appliance receives more than one updated public key from the same domain or message within 48 hours, it sends out a warning alert.
Step 5 Submit and commit your changes.
Note The size of the harvested public key repository on the appliance is 512 MB. If the repository is full, the Email Security appliance will automatically remove unused public keys.
Note Use the listenerconfig command to enable key harvesting using the CLI.
Next Step
Request the recipient to send a signed message to the Email Security appliance administrator. The Email Security appliance will harvest the public key from the signed message and display it on the Mail Policies > Harvested Public Keys page.
Managing S/MIME Sending Profiles
An S/MIME sending profile allows you to define parameters such as:
• S/MIME mode to use, for example, sign, encrypt, and so on.
• S/MIME certificate for signing.
• S/MIME signing mode to use, for example, opaque or detached.
• Action to take if the public key of the recipient's S/MIME certificate is not available on the appliance.
For example, one organization requires that all messages sent to them be signed, and another requires that all messages sent to them be signed and encrypted. In this scenario, you must create two sending profiles, one for signing alone and one for signing and encryption.
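To check which S/MIME mode and signing mode a sending profile actually applied, inspect the outermost MIME headers of a delivered message. The following is an added example, not part of the Cisco guide: the function name `classify_smime` and the sample messages are constructed for illustration, and the content types follow RFC 8551.

```python
from email import message_from_string

# S/MIME content types from RFC 8551, plus the legacy "x-" spellings.
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}


def classify_smime(raw_message: str) -> str:
    """Return the S/MIME treatment visible on the outermost MIME layer.

    Hypothetical helper for this example. Only headers are examined:
    no signature is verified and nothing is decrypted.
    """
    msg = message_from_string(raw_message)
    ctype = msg.get_content_type()  # lower-cased, parameters stripped
    if ctype == "multipart/signed":
        # Detached mode: readable body part plus a separate signature part.
        protocol = str(msg.get_param("protocol") or "").lower()
        return "signed-detached" if protocol in PKCS7_SIG else "not-smime"
    if ctype in PKCS7_MIME:
        smime_type = str(msg.get_param("smime-type") or "").lower()
        if smime_type == "signed-data":
            # Opaque mode: body and signature share one PKCS#7 object.
            return "signed-opaque"
        if smime_type == "enveloped-data":
            # A signed-and-encrypted message also looks like this; the
            # signature sits inside the envelope until it is decrypted.
            return "encrypted"
        return "pkcs7-other"
    return "not-smime"


def _sample(content_type: str) -> str:
    # Constructed test message; the body is a placeholder, not real CMS data.
    return f"MIME-Version: 1.0\nContent-Type: {content_type}\n\nAAAA\n"


SAMPLES = {
    "detached": _sample('multipart/signed; micalg=sha-256; boundary="b1"; '
                        'protocol="application/pkcs7-signature"'),
    "opaque": _sample('application/pkcs7-mime; smime-type=signed-data; '
                      'name="smime.p7m"'),
    "encrypted": _sample('application/pkcs7-mime; smime-type=enveloped-data; '
                         'name="smime.p7m"'),
    "plain": _sample("text/plain; charset=us-ascii"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10s} -> {classify_smime(raw)}")
```

Because a signed-and-encrypted message is indistinguishable from an encrypted-only one at this layer, confirming that the signature was applied requires decrypting with the recipient's private key.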