User Guide
19-16
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 19 S/MIME Security Services
Verifying, Decrypting, or Decrypting and Verifying Incoming Messages using S/MIME
How to Verify, Decrypt, or Decrypt and Verify Incoming Messages Using
S/MIME
Note If you want to perform S/MIME verification, decryption, or decryption and verification using CLI, use
the listenerconfig > hostaccess command. See the CLI inline help for more details.
Setting Up Certificates for Decrypting Messages
You must add your organization’s S/MIME certificate (that contains the private key required to perform
decryption) to the appliance.
Steps Do This More Info
Step 1 Understand the S/MIME certificate
requirements.
See S/MIME Certificate Requirements, page 19-20.
Step 2 Depending on your requirements, do one of the
following:
• For S/MIME decryption, add your
organization’s S/MIME certificate (that
contains the private key required to
perform decryption) to the appliance.
• For S/MIME verification, add the public
key of the sender's S/MIME certificate
required to perform verification to the
appliance.
• For S/MIME decryption and verification,
add the following to the appliance:
–
Your organization’s S/MIME
certificate (that contains the private
key required to perform decryption) to
the appliance.
–
Public key of the sender's S/MIME
certificate required to perform
verification.
See
• Setting Up Certificates for Decrypting Messages,
page 19-16
• Setting Up Public Keys for Verifying Signed
Messages, page 19-17
Step 3 Configure your mail flow policies to verify,
decrypt, or decrypt and verify incoming
messages using S/MIME.
See Enabling S/MIME Decryption and Verification,
page 19-19.
Step 4 (Optional) Define the action that the Email
Security appliance takes on decrypted or
verified messages.
See Configuring an Action for S/MIME Decrypted or
Verified Message, page 19-20.