Before you can use email encryption, you must first create a Certificate Authority (CA) consisting of a CA certificate and a CA key. The CA certificate can be downloaded and stored locally. In addition, it can be installed as an external CA (S/MIME Authority) in other units, as illustrated in the diagram, to enable transparent email encryption between two Sophos UTM on AWS units.
Figure: Encryption: Using Two Sophos UTM on AWS Units
To configure email encryption, proceed as follows:
Click the toggle switch.
The toggle switch turns amber and the Email Encryption Certificate Authority (CA) area becomes editable.
Fill out the form in the Email Encryption Certificate Authority (CA) area. By default, the form is filled out with the values of the Management > System Settings > Organizational tab.
The toggle switch turns green and the following certificates and keys are created:
- S/MIME CA Certificate
- OpenPGP Postmaster Key
Note that this may take several minutes to complete. If you do not see the fingerprints of the S/MIME CA certificate or the OpenPGP Postmaster key, click the Reload button in the upper right corner of WebAdmin. The certificate and the key can be downloaded and stored locally.
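Before installing the downloaded S/MIME CA certificate as an external CA on the second unit, you can check that the file still matches the fingerprint shown in WebAdmin on the unit that created it. The following is an added example, not Sophos code; it assumes the download is a single PEM certificate and that the displayed fingerprint is a hex MD5, SHA-1 or SHA-256 digest of the DER encoding (the page does not say which, so the digest is inferred from the length).

```python
import hashlib
import hmac
import ssl
import sys

# Assumption: the displayed fingerprint is a hex digest of the DER-encoded
# certificate; the digest is inferred from its length (the page does not name it).
DIGEST_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed sample: placeholder bytes in PEM armor, not a real CA certificate.
SAMPLE_DER = b"constructed placeholder, not a real S/MIME CA certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def normalize(fingerprint: str) -> str:
    """Drop separators and case so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    hex_only = "".join(c for c in fingerprint if c not in ": -\t\r\n").lower()
    if not hex_only or any(c not in "0123456789abcdef" for c in hex_only):
        raise ValueError("fingerprint is empty or contains non-hex characters")
    return hex_only


def cert_fingerprint(pem_text: str, digest: str) -> str:
    """Hash the DER bytes inside the PEM armor (assumes a single PEM certificate)."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    return hashlib.new(digest, der).hexdigest()


def matches_displayed(pem_text: str, displayed: str) -> bool:
    """True only if the file hashes to the fingerprint read from the source unit."""
    want = normalize(displayed)
    digest = DIGEST_BY_HEX_LEN.get(len(want))
    if digest is None:
        raise ValueError(f"unexpected fingerprint length: {len(want)} hex characters")
    return hmac.compare_digest(cert_fingerprint(pem_text, digest), want)


if __name__ == "__main__":
    # Usage: python check_ca.py <downloaded-ca.pem> "<fingerprint from WebAdmin>"
    with open(sys.argv[1], encoding="ascii") as handle:
        ok = matches_displayed(handle.read(), sys.argv[2])
    print("fingerprint matches" if ok else "MISMATCH: do not install this CA")
    sys.exit(0 if ok else 1)
```

Read the fingerprint directly from the source unit's WebAdmin rather than from a channel that also carried the certificate file, since a value delivered alongside the file proves nothing if the file was swapped in transit.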