User Guide
19-22
AsyncOS 9.1.2 for Cisco Email Security Appliances User Guide
Chapter 19 S/MIME Security Services
S/MIME Certificate Requirements
For detailed information about S/MIME certificates, see RFC 5750: Secure/Multipurpose Internet Mail
Extensions (S/MIME) Version 3.2 - Certificate Handling.
Before You Begin
• Make sure that the public key meets the requirements described in S/MIME Certificate
Requirements, page 19-20.
• Make sure that the public key is in PEM format.
Procedure
Step 1 Click Mail Policies > Public Keys.
Step 2 Click Add Public Key.
Step 3 Enter the name of the public key.
Step 4 Enter the public key.
Step 5 Submit and commit your changes.
Note Use the smimeconfig command to add public keys using CLI.
Before You Begin
Copy the export file to the /configuration directory of the appliance. For instructions to create an
export file, see Exporting Public Keys, page 19-23.
Procedure
Step 1 Click Mail Policies > Public Keys.
Step 2 Click Import Public Keys.
Step 3 Select the export file and click Submit.
Subject Alternative
Name(Domains)
Name of the domain to which you plan to send encrypted messages.
Examples include
domain.com and *.domain.net. For multiple entries,
use a comma-separated list.
If you plan to send encrypted messages to all the users in a domain, the
public key should include a SAN Domain.
Subject Alternative
Name(Email)
Email address of the user to whom you plan to send encrypted messages,
for example,
user@somedomain.com. For multiple entries, use a
comma-separated list.
Private Key Size
Size of the private key to generate for the CSR.
Key Usage
Key usage is a restriction method that determines what a certificate can be
used for. The key usage extension must be specified and the following bit
must be set:
keyEncipherment.