Using S/MIME encryption
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a standard for public key encryption and signing of MIME data. The FortiMail unit supports S/MIME encryption.
You can encrypt email messages with S/MIME between two FortiMail units. For example, if you want to encrypt and send an email from FortiMail unit A to FortiMail unit B, you need to do the following:
1. On FortiMail unit A:
   • Import the CA certificate. For details, see “Managing certificates”.
   • Create a certificate binding for the outgoing email, so that the public key in FortiMail unit B’s certificate can be used to encrypt the email. For details, see “Configuring certificate bindings”.
   • Create an S/MIME encryption profile. For details, see “Configuring encryption profiles”.
   • Apply the S/MIME encryption profile in a policy to trigger the S/MIME encryption, in either of two ways:
     • create a message delivery rule that uses the S/MIME encryption profile (see “Configuring delivery rules”), or
     • create a policy that includes a content profile containing a content action profile with an S/MIME encryption profile (see “Controlling email based on recipient addresses”, “Controlling email based on IP addresses”, “Configuring content action profiles”, and “Configuring content profiles”).
   If the email to be encrypted is matched by both the message delivery rule and the policy, the email will be encrypted based on the content profile in the policy.
2. On FortiMail unit B:
   • Import the CA certificate. For details, see “Managing certificates”.
   • Create a certificate binding for the incoming email and import both FortiMail unit B’s private key and certificate. FortiMail unit B uses them to decrypt the email that FortiMail unit A encrypted with FortiMail unit B’s public key.
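
The key relationship behind the two certificate bindings can be checked outside the appliance before the certificates are imported. The script below is an added example, not FortiMail configuration or Fortinet code: it uses the openssl command line, and every name in it (the test CA, unit-a.example, unit-b.example, the file names and the message) is constructed for illustration. It assumes a default openssl.cnf is installed.

```shell
#!/usr/bin/env bash
# Added example with constructed names; uses the openssl CLI, not FortiMail.
set -eu

make_ca() {    # $1 = dir: throwaway CA, standing in for the CA both units import
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}
make_unit() {  # $1 = dir, $2 = unit name: key pair plus CA-signed certificate
  openssl req -newkey rsa:2048 -nodes -subj "/CN=unit-$2.example" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/$2.crt" 2>/dev/null
}
# Sender side (unit A): confirm the recipient certificate chains to the
# imported CA, then encrypt using only that certificate (the public key).
encrypt_for() {  # $1 = dir, $2 = recipient, $3 = plaintext file, $4 = output
  openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1 || return 2
  # -binary leaves the bytes unchanged so the round trip can be compared.
  openssl smime -encrypt -aes256 -binary -in "$3" -out "$4" "$1/$2.crt"
}
# Recipient side (unit B): decryption needs the certificate AND its private key.
decrypt_as() {   # $1 = dir, $2 = unit, $3 = S/MIME file
  openssl smime -decrypt -in "$3" -recip "$1/$2.crt" -inkey "$1/$2.key" 2>/dev/null
}

demo() {
  d=$(mktemp -d)
  make_ca "$d"; make_unit "$d" a; make_unit "$d" b
  printf 'Quarterly figures attached.\n' > "$d/msg.txt"   # constructed message
  encrypt_for "$d" b "$d/msg.txt" "$d/msg.p7m"
  echo "B decrypts: $(decrypt_as "$d" b "$d/msg.p7m")"
  if decrypt_as "$d" a "$d/msg.p7m" >/dev/null; then
    echo "unexpected: A's key opened mail encrypted for B"
  else
    echo "A's key cannot decrypt mail encrypted for B (expected)"
  fi
  rm -rf "$d"
}
demo
```

A nonzero return from encrypt_for means the recipient certificate does not chain to the CA file, which is the condition to investigate before creating the outgoing binding.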