Setting up S/MIME for email

  • Release version: Yokohama
  • Updated January 30, 2025

  S/MIME is a protocol for sending digitally signed and encrypted emails to ensure confidentiality, authenticity, and integrity.

    Set up S/MIME for outbound email (signing and encryption)

    You can use S/MIME for outbound email for the following purposes:
    • Digital signature
    • Encryption
    • Digital signature and encryption

    To set up S/MIME, the admin must have the following:
    • email_account_admin and sn_kmf.cryptographic_manager roles
    • Key pair (private key and public key)
    • CA certificate
    • Email certificate

    Upload the instance email account key pair and email certificates, and enable outbound S/MIME properties. For more information, see Enable S/MIME.

    If there are multiple recipients and some of the recipients do not have valid certificates, the email will be sent only to recipients with a valid certificate.

    Set up S/MIME for inbound email (signature verification and decryption)

    S/MIME for inbound email can be used for the following:
    • Signature verification
    • Decryption
    • Signature verification and decryption

    For information about enabling inbound S/MIME properties, see Enable S/MIME.

    If the system fails to decrypt a message, no inbound actions run on the email, and the email is moved to the received-ignored status.

    To set up the system to ignore inbound signed emails if the signature cannot be verified or is invalid, admins can create the email.inbound.smime.ignore_unverified_emails property and set it to true.

    For more information about key management and the cryptographic module, see Key Management Framework Reference.