User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Email Security Appliance C680

491

492

493

494

495

496

497

498

499

500

19-6

AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide

Chapter 19 S/MIME Security Services

Signing, Encrypting, or Signing and Encrypting Outgoing Messages using S/MIME

How to Sign, Encrypt, or Sign and Encrypt Outgoing Messages using S/MIME

Note If you want to perform S/MIME signing, encryption, or signing and encryption using CLI, use the

smimeconfig command. See Cisco AsyncOS for Email CLI Reference Guide.

Setting Up Certificates for S/MIME Signing

You must set up an S/MIME certificate for signing messages. The Email Security appliance allows you

to set up S/MIME signing certificates using one of the following methods:

• Create a self-signed S/MIME certificate using the appliance. See Creating a Self-Signed S/MIME

Certificate, page 19-7.

Steps Do This More Info

Step 1 Understand the S/MIME certificate

requirements.

See S/MIME Certificate Requirements, page 19-20.

Step 2 Depending on your requirements, do one of the

following:

• For S/MIME signing, set up an S/MIME

signing certificate.

• For S/MIME encryption, set up the public

key of the recipient’s S/MIME certificate.

• For S/MIME signing and encryption, set

up an S/MIME signing certificate and the

public key of the recipient’s S/MIME

certificate, respectively.

See:

• Setting Up Certificates for S/MIME Signing,

page 19-6

• Setting Up Public Keys for S/MIME Encryption,

page 19-9

Step 3 Create a profile for signing, encrypting, or

signing and encrypting messages.

See Create an S/MIME Sending Profile for Signing,

Encrypting, or Signing and Encrypting Messages,

page 19-11.

Step 4 Define the conditions that messages must meet

in order for the appliance to sign, encrypt, or

sign and encrypt them.

See Determining Which Messages to Sign, Encrypt, or

Sign and Encrypt, page 19-13.

Step 5 Determine when in the email workflow to sign,

encrypt, or sign and encrypt messages.

See:

• Signing, Encrypting, or Signing and Encrypting and

Immediately Delivering Messages using a Content

Filter, page 19-13

• Signing, Encrypting, or Signing and Encrypting a

Message upon Delivery using a Content Filter,

page 19-14

Step 6 Define groups of users for whom you want to

sign or encrypt messages.

Create a mail policy.

See Chapter 10, “Mail Policies.”

Step 7 Associate the signing or encryption actions that

you defined with the user groups you defined.

Associate the content filter with the mail policy.

See Chapter 10, “Mail Policies.”