Cisco Cisco Email Security Appliance C160 Mode D'Emploi

Click Mail Policies > Mail Flow Policies.

Create a new Mail Flow Policy or modify an existing one. See 

Scroll down to the Security Features section.

Under S/MIME Public Key Harvesting, do the following:

Enable S/MIME public key harvesting.

(Optional) Choose whether to harvest public keys if the verification of the incoming signed 
messages fail. 

(Optional) Choose whether to harvest updated public keys.

If an appliance receives more than one updated public key from the same domain or message 
within 48 hours, it sends out a warning alert. 

Submit and commit your changes.

The size of the harvested public key repository on the appliance is 512 MB. If repository is full, Email 
Security appliance will automatically remove unused public keys.

Use the 

listenerconfig

 command to enable key harvesting using CLI.

Request the recipient to send a signed message to the Email Security appliance administrator. The Email 
Security appliance will harvest the public key from the signed message and displays it on the Mail 
Policies > Harvested Public Keys page.

An S/MIME sending profile allows you define parameters such as:

S/MIME mode to use, for example, sign, encrypt, and so on.

S/MIME certificate for signing

S/MIME signing mode to use, for example, opaque or detached.

Action to take if the public key of the recipient's S/MIME certificate is not available on the 
appliance.

For example, one organization requires all the messages sent to them be signed and another one requires 
all the messages sent to them be signed and encrypted. In this scenario, you must create two sending 
profiles, one for signing alone and one for signing and encryption.