How to set up S/MIME for outbound and inbound email

tpoeckes
Giga Guru

Hi Everyone,  I need your help.

I need to implement encryption for both outbound and inbound emails within my company. We are using the SN (ServiceNow) email client to send and receive messages. To ensure secure communication, I plan to configure S/MIME encryption.

Here is my current understanding of how S/MIME works:

 

S/MIME – Outbound Email

  • Signing outbound emails from SN:
    ServiceNow uses the private key of the sender (SN instance email account) to digitally sign the email. The recipient (my company user) uses the sender’s public key to verify the signature.

  • Encrypting outbound emails:
    ServiceNow uses the recipients’ public keys (e.g., my company users) to encrypt the email. Each recipient then uses their own private key to decrypt the message.

 

S/MIME – Inbound Email

  • Signature verification for inbound emails into SN:
    The sender (my company user) signs the email using their private key. ServiceNow verifies the signature using the sender’s public key.

  • Decrypting inbound emails:
    The sender (my company user) encrypts the message using ServiceNow’s public key. ServiceNow then uses its private key to decrypt the email.

Where I’m confused is: where do we obtain the public/private keys?
Is this something that only my company needs to provide, or does it involve both ServiceNow and my company? I'm unsure of the exact requirements and the initial steps needed to get this set up.  For context, my company has around 90,000 employees, so I want to ensure we have a scalable and correct approach from the beginning.


Chai Maddula
Giga Guru

Hi @tpoeckes

Check with your client; there should be a Public Key Infrastructure (PKI) / Infrastructure / AD team that generates a PFX containing the private key (for SN to sign and decrypt) and the corresponding public cert.

 

If my response solves your query, please mark it helpful by selecting Accept as Solution and Helpful
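
Added example, not part of the thread and not ServiceNow configuration: the outbound flow from the question and the PFX from the reply, walked through with the OpenSSL command line. The party names `sn` and `user`, the password `demo-only`, the message text and the self-signed certificates are constructed for the demo; it assumes `openssl` is installed, and in production the certificates would be issued by the PKI team's CA.

```shell
#!/bin/sh
# Added illustration using the OpenSSL CLI. Names, password and self-signed
# certs are constructed throwaways; real certs come from the PKI team's CA.
set -eu

setup_keys() {        # $1 = work dir
  for who in sn user; do            # one key pair + cert per party
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=$who.example.com" \
      -keyout "$1/$who.key" -out "$1/$who.crt" 2>/dev/null
  done
  # The PFX bundles the instance's private key with its public cert.
  openssl pkcs12 -export -inkey "$1/sn.key" -in "$1/sn.crt" \
    -out "$1/sn.pfx" -passout pass:demo-only
  # Unpack both halves again, as the importing side would.
  openssl pkcs12 -in "$1/sn.pfx" -passin pass:demo-only -nodes -nocerts \
    -out "$1/pfx.key" 2>/dev/null
  openssl pkcs12 -in "$1/sn.pfx" -passin pass:demo-only -nokeys \
    -out "$1/pfx.crt" 2>/dev/null
}

outbound() {          # sign with SN's private key, encrypt to the user's cert
  printf 'Ticket updated\n' > "$1/body.txt"
  openssl smime -sign -in "$1/body.txt" -signer "$1/pfx.crt" \
    -inkey "$1/pfx.key" -out "$1/signed.eml"
  openssl smime -encrypt -aes256 -in "$1/signed.eml" \
    -out "$1/out.eml" "$1/user.crt"
}

recipient_reads() {   # decrypt with the user's key, verify with SN's cert
  openssl smime -decrypt -in "$1/out.eml" -recip "$1/user.crt" \
    -inkey "$1/user.key" -out "$1/dec.eml"
  openssl smime -verify -in "$1/dec.eml" -CAfile "$1/sn.crt" 2>/dev/null |
    tr -d '\r'
}

wrong_key_fails() {   # SN's own key cannot open mail encrypted only to the user
  if openssl smime -decrypt -in "$1/out.eml" -recip "$1/sn.crt" \
       -inkey "$1/sn.key" >/dev/null 2>&1
  then echo no; else echo yes; fi
}

d=$(mktemp -d)
setup_keys "$d" && outbound "$d"
echo "recipient sees: $(recipient_reads "$d")"
echo "decrypt with SN key fails: $(wrong_key_fails "$d")"
```

The sender only ever needs the recipient's certificate to encrypt, so outbound encryption at scale depends on having each recipient's public certificate available, while signing and inbound decryption depend on the single private key inside the PFX.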