Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

20-18

Cisco AsyncOS 9.5 for Email User Guide

Chapter 20 S/MIME Security Services

Verifying, Decrypting, or Decrypting and Verifying Incoming Messages using S/MIME

Adding a Public Key for S/MIME Verification

Before You Begin

•

Make sure that the public key meets the requirements described in

S/MIME Certificate

Requirements, page 20-20

•

Make sure that the public key is in PEM format.

Procedure

Step 1

Click Mail Policies > Public Keys.

Step 2

Click Add Public Key.

Step 3

Enter the name of the public key.

Step 4

Enter the public key.

Step 5

Submit and commit your changes.

Note

Use the

smimeconfig

command to add public keys using CLI.

Harvesting Public Keys for S/MIME Verification

You can configure Email Security appliance to retrieve (harvest) public key from the incoming S/MIME
signed messages and use it to verify signed messages from the owner (business or consumer) of the
harvested key.

Note

By default, public keys from expired or self-signed S/MIME certificates are not harvested.

Procedure

Enable public key harvesting using the web interface or CLI. See

Enabling Public Key Harvesting,

page 20-18

Request the sender to send a signed message.

After the harvesting is complete, add the harvested public key to the appliance. See

Adding a

Harvested Public Key for S/MIME Verification, page 20-19

This step is to ensure that the message is verified at the gateway level.

Enabling Public Key Harvesting

Procedure

Step 1

Click Mail Policies > Mail Flow Policies.