Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

20-19

User Guide for AsyncOS 9.8 for Cisco Email Security Appliances

Chapter 20 S/MIME Security Services

Verifying, Decrypting, or Decrypting and Verifying Incoming Messages using S/MIME

Step 2

Create a new Mail Flow Policy or modify an existing one. See

Defining Which Hosts Are Allowed to

Connect Using the Host Access Table (HAT), page 7-1

Step 3

Scroll down to the Security Features section.

Step 4

Under S/MIME Public Key Harvesting, do the following:

•

Enable S/MIME public key harvesting.

•

(Optional) Choose whether to harvest public keys if the verification of the incoming signed
messages fail.

•

(Optional) Choose whether to harvest updated public keys.

Note

If an appliance receives more than one updated public key from the same domain or message
within 48 hours, it sends out a warning alert.

Step 5

Submit and commit your changes.

Note

The size of the harvested public key repository on the appliance is 512 MB. If the repository is full used,
Email Security appliance will automatically remove unused public keys.

Note

Use the

listenerconfig

command to enable key harvesting using CLI.

Adding a Harvested Public Key for S/MIME Verification

Procedure

Step 1

Click Mail Policies > Harvested Public Keys.

Step 2

Click on the intended harvested public key and copy the public key.

Step 3

Add the public key to the appliance. See

Adding a Public Key for S/MIME Verification, page 20-18

Step 4

Submit and commit your changes.

Enabling S/MIME Decryption and Verification

Procedure

Step 1

Click Mail Policies > Mail Flow Policies.

Step 2

Create a new Mail Flow Policy or modify an existing one. See

Defining Which Hosts Are Allowed to

Connect Using the Host Access Table (HAT), page 7-1

Step 3

Scroll down to the Security Features section.