On the Email Protection > Encryption > Global tab you can configure the basic settings of the email encryption functionality.

Note – Encryption works only for SMTP, not for POP3.

Before you can use email encryption, you must first create a Certificate Authority (CA) consisting of a CA certificate and a CA key. The CA certificate can be downloaded and stored locally. In addition, it can be installed as an external CA (S/MIME Authority) in other units as illustrated in the diagram to enable transparent email encryption between two Sophos UTM units.

Encryption: Using Two Sophos UTM Units

To configure email encryption, proceed as follows:

  1. On the Global tab, enable email encryption.

    Click the toggle switch.

    The toggle switch turns amber and the Email Encryption Certificate Authority (CA) area becomes editable.

  2. Create a certificate authority (CA).

    Fill out the form in the Email Encryption Certificate Authority (CA) area. By default, the form is filled out with the values of the Management > System Settings > Organizational tab.

  3. Click Save.

    The toggle switch turns green and the following certificates and keys are being created:

    Note that this may take several minutes to complete. If you do not see the fingerprints of the S/MIME CA certificate or the OpenPGP Postmaster key, click the Reload button in the upper right corner of WebAdmin. The certificate and the key can be downloaded and locally stored.
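
Before the downloaded S/MIME CA certificate is installed as an external CA on a second unit, the file can be checked against the fingerprint shown in WebAdmin. The Python below is an added example, not Sophos code: it assumes the download is a PEM or DER X.509 file and that the displayed fingerprint is a SHA-1 or SHA-256 digest of the DER encoding (the page does not say which). Function names are hypothetical and the sample bytes are constructed stand-ins, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

# Assumption: the digest is inferred from the length of the displayed value,
# because the page does not state which digest WebAdmin shows.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}
PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_der(data: bytes) -> bytes:
    """Return DER bytes for a certificate supplied as PEM or as raw DER."""
    match = PEM_RE.search(data)
    if match is None:
        return data  # no PEM armour found: treat the input as DER
    return base64.b64decode(b"".join(match.group(1).split()), validate=True)


def normalise(displayed: str) -> str:
    """Remove colons, dashes, spaces and case from a copied fingerprint."""
    hexed = re.sub(r"[\s:\-]", "", displayed).lower()
    if not re.fullmatch(r"[0-9a-f]+", hexed):
        raise ValueError("fingerprint contains non-hex characters")
    return hexed


def matches_displayed(cert_bytes: bytes, displayed: str) -> bool:
    """True if the certificate file hashes to the displayed fingerprint."""
    want = normalise(displayed)
    algo = ALGO_BY_HEX_LEN.get(len(want))
    if algo is None:
        raise ValueError("unexpected fingerprint length (truncated copy?)")
    got = hashlib.new(algo, to_der(cert_bytes)).hexdigest()
    return hmac.compare_digest(got, want)


# Constructed stand-in for the downloaded CA file (not a real certificate).
SAMPLE_DER = b"constructed-stand-in-for-ca-certificate-der"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    shown = hashlib.sha256(SAMPLE_DER).hexdigest().upper()
    print("match:", matches_displayed(SAMPLE_PEM, shown))
```

A mismatch, or a fingerprint of unexpected length, means the file should not be installed until the download has been repeated and compared again.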

Use the Reset Email Encryption System Now button to reset all settings in the Encryption menu to the factory default configuration. This will delete the CA as well as all users.