Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 2 subscribers
  • Views 2547 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Configure E-Mail Encryption

Revan
Hello,

i am trying to set up e-mail encryption for some of our users and have some questions:

The S/Mime CA Certificate is just for encryption between two UTMs in our company?

I have set up some internal users. The keys which i can download are the public keys?

The foreign public keys have to be uploaded in the s/mime certificates section?

Thank you for your time [:)]


This thread was automatically locked due to age.
Parents
  • 0
    Hi, Revan,

    S/MIME works with everyone.  If you use the self-signed CA, the receivers will have a warning until they install your CA.  If you have a CA issued by Thawte, for example, you shouldn't need to send your CA to the receivers.

    Yes, those are the public keys.  The PEM is only the user's certificate, but the PKCS#12 includes your CA.

    The UTM is supposed to automatically "strip" the cert from a signed email that it receives.  I think there's a bug and that this doesn't work in V9, but it did work in V6, V7 and V8.  So, yes, for the time being, you must upload the certs on the 'S/MIME Certificates' tab.

    Cheers - Bob
    PS Somewhere after 9.006-5, this was fixed as it works in 9.106-17.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    Hi, Revan,

    S/MIME works with everyone.  If you use the self-signed CA, the receivers will have a warning until they install your CA.  If you have a CA issued by Thawte, for example, you shouldn't need to send your CA to the receivers.

    Yes, those are the public keys.  The PEM is only the user's certificate, but the PKCS#12 includes your CA.

    The UTM is supposed to automatically "strip" the cert from a signed email that it receives.  I think there's a bug and that this doesn't work in V9, but it did work in V6, V7 and V8.  So, yes, for the time being, you must upload the certs on the 'S/MIME Certificates' tab.

    Cheers - Bob
    PS Somewhere after 9.006-5, this was fixed as it works in 9.106-17.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML