AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 19 S/MIME Security Services
Signing, Encrypting, or Signing and Encrypting Outgoing Messages using S/MIME
Procedure
Step 1 Click Mail Policies > Mail Flow Policies.
Step 2 Create a new Mail Flow Policy or modify an existing one. See Defining Which Hosts Are Allowed to
Connect Using the Host Access Table (HAT), page 7-1.
Step 3 Scroll down to the Security Features section.
Step 4 Under S/MIME Public Key Harvesting, do the following:
• Enable S/MIME public key harvesting.
• (Optional) Choose whether to harvest public keys if the verification of the incoming signed
messages fails.
• (Optional) Choose whether to harvest updated public keys.
Note If an appliance receives more than one updated public key from the same domain or message
within 48 hours, it sends out a warning alert.
Step 5 Submit and commit your changes.
Note The size of the harvested public key repository on the appliance is 512 MB. If the repository is full, the
Email Security appliance automatically removes unused public keys.
Note Use the listenerconfig command to enable key harvesting using the CLI.
Next Step
Request the recipient to send a signed message to the Email Security appliance administrator. The Email
Security appliance harvests the public key from the signed message and displays it on the Mail
Policies > Harvested Public Keys page.
Managing S/MIME Sending Profiles
An S/MIME sending profile allows you to define parameters such as:
• S/MIME mode to use, for example, sign, encrypt, and so on.
• S/MIME certificate for signing
• S/MIME signing mode to use, for example, opaque or detached.
• Action to take if the public key of the recipient's S/MIME certificate is not available on the
appliance.
For example, one organization requires that all messages sent to it be signed, and another requires
that all messages sent to it be signed and encrypted. In this scenario, you must create two sending
profiles, one for signing alone and one for signing and encryption.
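The signing modes named above (opaque or detached) differ in the MIME structure of the outgoing message. The following Python sketch is an added example, not part of the Cisco guide or of AsyncOS. It classifies a message by its Content-Type as defined in RFC 8551, which is a quick way to confirm which mode a sending profile produced or whether a test message is actually signed. The function name smime_kind and the sample messages are assumptions made for illustration. The check inspects structure only and does not verify any signature.

```python
from email import message_from_string
from email.utils import collapse_rfc2231_value

# MIME types from RFC 8551, plus the legacy "x-" forms still seen in mail.
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}


def _param(msg, name):
    """Content-Type parameter as a lowercase string ('' when absent)."""
    return collapse_rfc2231_value(msg.get_param(name, "")).lower()


def smime_kind(raw_message):
    """Classify a message as 'detached', 'opaque', 'encrypted' or 'none'."""
    msg = message_from_string(raw_message)
    ctype = msg.get_content_type()
    # Detached: readable body plus a separate signature part.
    if ctype == "multipart/signed":
        return "detached" if _param(msg, "protocol") in PKCS7_SIG else "none"
    # Opaque signing and encryption both use a single PKCS #7 part; the
    # smime-type parameter distinguishes them.
    if ctype in PKCS7_MIME:
        kinds = {"signed-data": "opaque", "enveloped-data": "encrypted"}
        return kinds.get(_param(msg, "smime-type"), "none")
    return "none"


# Constructed sample messages (bodies are placeholders, not real signatures).
DETACHED = """\
From: partner@example.com
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"

AAAA
--b1--
"""
OPAQUE = """\
From: partner@example.com
Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"

AAAA
"""

if __name__ == "__main__":
    for label, raw in (("detached sample", DETACHED), ("opaque sample", OPAQUE)):
        print(label, "->", smime_kind(raw))
```

A multipart/signed message whose protocol is not a PKCS #7 signature type (for example, a PGP-signed message) is reported as 'none', because it is not S/MIME.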