AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 19 S/MIME Security Services
Verifying, Decrypting, or Decrypting and Verifying Incoming Messages using S/MIME
Adding a Public Key for S/MIME Verification
Before You Begin
• Make sure that the public key meets the requirements described in S/MIME Certificate
Requirements, page 19-20.
• Make sure that the public key is in PEM format.
Procedure
Step 1 Click Mail Policies > Public Keys.
Step 2 Click Add Public Key.
Step 3 Enter the name of the public key.
Step 4 Enter the public key.
Step 5 Submit and commit your changes.
Note Use the smimeconfig command to add public keys using the CLI.
Harvesting Public Keys for S/MIME Verification
You can configure the Email Security appliance to retrieve (harvest) the public key from incoming
S/MIME signed messages and use it to verify signed messages from the owner (business or consumer)
of the harvested key.
Note By default, public keys from expired or self-signed S/MIME certificates are not harvested.
Procedure
1. Enable public key harvesting using the web interface or CLI. See Enabling Public Key Harvesting,
page 19-18.
2. Ask the sender to send a signed message.
3. After harvesting is complete, add the harvested public key to the appliance. See Adding a
Harvested Public Key for S/MIME Verification, page 19-19.
This step ensures that the message is verified at the gateway level.
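The following pre-flight check is an added example, not part of the Cisco guide or of AsyncOS: it confirms that a key about to be added is PEM encoded and flags the two conditions the note above says block harvesting by default (expired, self-signed). It assumes the "public key" is a PEM-encoded X.509 certificate; the names preflight and sample_pem are hypothetical, comparing issuer and subject only approximates "self-signed", and the appliance's own requirements (page 19-20) are not reproduced here.

```python
import base64, re
from datetime import datetime, timezone

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER TLV at pos and return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf):
    """Split DER contents into a list of (tag, whole_tlv, value) tuples."""
    out, pos = [], 0
    while pos < len(buf):
        tag, start, end = tlv(buf, pos)
        out.append((tag, buf[pos:end], buf[start:end]))
        pos = end
    return out

def preflight(pem_text, now=None):
    """Return a list of problems; an empty list means every check passed."""
    m = PEM_RE.search(pem_text)
    if not m:
        return ["not PEM: BEGIN/END CERTIFICATE armor missing"]
    tbs = children(children(children(base64.b64decode(m.group(1)))[0][2])[0][2])
    if tbs[0][0] == 0xA0:                    # skip the optional [0] version field
        tbs = tbs[1:]
    issuer, validity, subject = tbs[2:5]     # fields after serial and signature alg
    tag, _, raw = children(validity[2])[1]   # second time in Validity is notAfter
    text = raw.decode("ascii")
    if tag == 0x17:                          # UTCTime has a 2-digit year (RFC 5280)
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    not_after = datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    problems = ["expired"] if not_after < (now or datetime.now(timezone.utc)) else []
    if issuer[1] == subject[1]:              # identical DN: self-issued, not chained
        problems.append("issuer equals subject (self-signed)")
    return problems

def sample_pem(issuer_cn, subject_cn, not_after):
    """Constructed certificate skeleton (no key or signature), for the demo only."""
    der = lambda tag, *parts: bytes([tag, len(b"".join(parts))]) + b"".join(parts)
    name = lambda cn: der(0x30, der(0x31, der(0x30, der(6, b"\x55\x04\x03"), der(12, cn.encode()))))
    tbs = der(0x30, der(0xA0, der(2, b"\x02")), der(2, b"\x01"), der(0x30), name(issuer_cn),
              der(0x30, der(0x17, b"240101000000Z"), der(0x17, not_after.encode())), name(subject_cn))
    body = base64.b64encode(der(0x30, tbs)).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
```

Call preflight() with the text of the PEM file before pasting it into the Add Public Key page; sample_pem() exists only to supply constructed input and does not produce a usable certificate.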
Enabling Public Key Harvesting
Procedure
Step 1 Click Mail Policies > Mail Flow Policies.