Open with table of contents

Define an automatic mail encryption endpoint

You can define a mail encryption endpoint without selecting the encryption certificate. The Email Gateway automatically searches for the correct encryption certificate to use.

1. Point to the System tab.
2. Under Encryption, click Mail Encryption Endpoints.

3. Do one of the following:

   • On the Encryption Endpoints toolbar, click New.
   • In the Task panel, click New encryption endpoint.

   The Email Gateway creates a new encryption endpoint, and then displays the Modify Mail Encryption Endpoint page.

4. For each group of settings, click Click here to change these settings, and then follow the instructions on screen.

   • You will find extra information about some of the settings later in this topic.
   • Some of the settings may not be available in FIPS mode.

5. In the For mail sent to the area, click Click here to change these settings, and then follow the instructions on screen.

   Extra information

   Setting	Description
   Email address	Enter a maximum of 160 characters.
   Domain	Enter a fully-qualified domain name, maximum 160 characters.

6. In the Messages will be encrypted area, click Click here to change these settings.

7. Select Encrypt the message using the recipient's key.

   When the email message is sent, the Email Gateway selects a PGP or S/MIME certificate with the recipient’s email address as its owner.

8. In the PGP Options area, click Click here to change these settings, and then follow the instructions on screen.

   PGP encryption is not available in FIPS mode. If your Gateway is operating in FIPS mode, you will only be able to use S/MIME defaults. This is to maintain compliance with FIPS 140-2.

9. Apply the configuration.

What else do I need to know?

• When Automatic Encryption using the recipient's key is selected, and the Automatic Encryption default setting is to use password encryption if an encryption key cannot be found, the Email Gateway will use Password Encryption.

  However, if the PGP default setting is to use inline format, and the definition of whether Message Attachments will be encrypted is different from that in Password Encryption Defaults, the PGP setting takes precedence.

• The key type (PGP or S/MIME) selected for encryption and signing must be the same. When using automatic encryption and signing, the key type selected for encryption takes precedence over the possible keys that could be used for signing.
• When automatic encryption is selected, and signing is also specified, the message will not be signed if the encryption fails and reverts to password encryption.

See also...

• Configure the encryption/decryption default settings
• Apply the new configuration
• Apply encryption endpoints to a mail policy route