Cisco Cisco Email Security Appliance C170 Guia Do Utilizador

19-21

Cisco AsyncOS 9.1 for Email User Guide

Chapter 19 S/MIME Security Services

S/MIME Certificate Requirements

For detailed information about S/MIME certificates, see RFC 5750: Secure/Multipurpose Internet Mail
Extensions (S/MIME) Version 3.2 - Certificate Handling.

Certificate Requirements for Encryption

The S/MIME certificate for encryption must contain the following information:

City (Locality)

The city where the organization is legally located.

State (Province)

The state, county, or region where the organization is legally located.

Country

The two letter ISO abbreviation of the country where the organization is
legally located.

Duration before expiration

The number of days before the certificate expires.

Subject Alternative
Name(Domains)

Name of the domain from which you plan to send signed messages.
Examples include

domain.com

and

*.domain.net

. For multiple entries,

use a comma-separated list.

Subject Alternative
Name(Email)

Email address of the user who is planning to send signed messages, for
example,

user@somedomain.com

. For multiple entries, use a

comma-separated list.

Private Key Size

Size of the private key to generate for the CSR.

Key Usage

Key usage is a restriction method that determines what a certificate can be
used for. If the key usage extension is specified, the following bits:

digitalSignature

and

nonRepudiation

must be set.

If the key usage extension is not specified, receiving clients must presume
that the

digitalSignature

and

nonRepudiation

bits are set.

Common Name

The fully qualified domain name.

Organization

The exact legal name of the organization.

Organizational Unit

Section of the organization.