Import an S/MIME key pair consisting of the private key and certificate to sign outbound emails or decrypt emails.

Before you begin

Role required: email_account_admin and sn_kmf.cryptographic_manager

Upload the private-public key pair corresponding to the instance email account.

You must have the key alias.
Note: When you create a PKCS12 file, ensure that it's created with a key alias.

Make sure the file format is PKCS #12.

About this task

This video shows you how to perform the following procedure.

Procedure

  1. Navigate to All > System Mailboxes > Administration > Email Accounts.
  2. Select the email account.
    Note: The keypair is associated with the email address and not the email account.
  3. Select the Import SMIME Key Pair related link.
  4. Select the Crypto Specifications tab and select the key alias.
    The algorithm definition screen is displayed.
  5. Complete the Algorithm Definition form.
    Table 1. Algorithm Definition form
    FieldDescription
    Crypto module Read only. Name of the selected cryptographic module displays.
    Crypto purpose SMIME Crypto Purpose
    Algorithm Type of algorithm used to accomplish the crypto purpose. The algorithm also controls the key origin. Adjusts automatically based on the selected crypto purpose.
    Enroll module for resource exchange Allows clones or backups to get their own unique keys.
    Note: Do not check the box.
  6. Select Next.
  7. In the Lifecycle Definition screen, select a Key Lifecycle from the Applies to column.
    Table 2. Key Lifecycle fields
    Applies to Selected key that the lifecycle applies to.
    For field Control for the key that the lifecycle applies to.
    Type Select if the valuation for the key lifecycle is a relative value or an absolute value or none.

    Relative value depends on other data entries in the system, such as key generation, activation, and deactivation.

    Absolute value is an exact value, such as a date.
    Lifecycle default Read only. Displays a value if set.
    Order Enter the sequence in which to process the key lifecycle state for the crypto specification.
    Relative duration Number of years, months, or days the key is valid.
    Relative duration type Duration of the lifecycle: Years, Months, or Days.
    Relative operation Before or After.
    Relative to Field the duration is relative to. Displays if a relative duration or operation is selected.
  8. Select Update.
  9. Select Next.
  10. In the Key Origin screen, in the Origin field select Import from PKCS12 and enter the key alias in the Key Alias field.
  11. Select Next.
  12. In the Key Creation screen, select Import Key.
  13. In the Import Keystore/Certificate dialog box, provide the keystore password and import the keystore/certificate.
    1. Provide the password in the Enter Keystore Password field.
    2. In the Import Keystore/Certificate field, select Browse and select the certificate to be imported.
    3. Select OK.
  14. Select the Module Keys tab to view the keys.

    Secure information for the keys will be stored on the Module Keys tab along with the private key and public key. The Key lifecycle state is set to Active.