Cisco Cisco Email Security Appliance C170 사용자 가이드

For Email Security appliances that are not FIPS-compliant, use Add Key on the 
Mail Policies > Signing Keys page to create new signing keys. 

On Email Security appliances with a FIPS-compliant HSM card, the FIPS Officer 
creates new signing keys using Add Key on the FIPS Management page. 
AsyncOS restricts the Mail Policies > Signing Keys page from creating new 
signing keys. See 

for more information on FIPS.

To create a new signing key:

Click Add Key. The Add Key page is displayed.

Enter a name for the key. 

Click Generate and Select a key size.

Larger key sizes are more secure; however, larger keys can have an impact on 
performance. IronPort recommends a key size of 768 bits, which should 
provide a good balance between security and performance.

For Email Security appliances with a HSM card, only 1024 and 2048 bits key 
sizes are available for sigining keys.

Click Submit. The key is generated.

Commit your changes to finish adding the new signing key.

If you have not done so already, you may need to edit your domain profile to 
assign the key.

When you export signing keys, all of the keys currently existing on your Cisco 
IronPort appliance are exported together in a single text file. To export signing 
keys:

Click Export Keys on the Signing Keys page. The Export Signing Keys page is 
displayed: