Internal Users

For signing and decrypting messages, either the S/MIME key or the OpenPGPClosed private key must be existent on Sophos UTM. On the Encryption > Internal Users tab you can create both an individual S/MIMEClosed key/certificate and/or OpenPGP key pair for those users for whom email encryption should be enabled.

Important – Starting with version 9.508, the UTM uses new algorithms and engines for S/MIME. Find detailed information on the changes in the Sophos Knowledge Base.

To create an internal email user, proceed as follows:

  1. On the Internal Users tab, click New Email Encryption User.

    The Add User dialog box opens.

  2. Make the following settings:

    Email address: Enter the email address of the user.

    Full name: Enter the name of the user.

    Signing: The following signing options are available:

    Encryption: The following encryption options are available:

    Verifying: The following verification options are available:

    Decryption: The following decryption options are available:

    S/MIME: Select whether you want to have the S/MIME certificate and key automatically generated by the system or whether you want to upload a certificate in PKCS#12 format. When uploading the certificate, you must know the passphrase the PKCS#12 file was protected with. Note that the PKCS#12 file must both contain the S/MIME key and certificate. Any CAClosed certificate that may be included in this PKCS#12 file will be ignored.

    OpenPGP: Select whether you want to have the OpenPGP key pair consisting of a private key and the public key automatically generated by the system or whether you want to upload the key pair in ASCII format. Note that both private and public key must be included in one single file and that the file must not contain a passphrase.

    Note – If you configure both S/MIME and OpenPGP for an individual user, emails sent by this user will be signed using S/MIME.

    Comment (optional): Add a description or other information.

  3. Click Save.

    The new user appears on the Internal Users list.

Use the toggle switch to turn the usage of one or both keys off without having to delete the key(s).

Note – The files offered for download contain the S/MIME certificate. The OpenPGP certificate offers the public key. For security reasons it is not possible to download the OpenPGP private key or the S/MIME key.

© 2019 Sophos Limited Sophos UTM 9.600