This article explains how to set up outgoing encryption for your own S/MIME certificates and PGP keys in the Control Panel.
After the Email Encryption module has been activated and the required certificates or keys have been stored in the Hornetsecurity systems, the desired encryption method must be activated in the Control Panel and applied via an encryption rule.
Prerequisites
Make sure the following prerequisites are met:
- The Email Encryption module is activated for the customer.
- The desired encryption method, S/MIME or PGP, is activated.
- The public certificates or keys of the external communication partner are already stored or have been stored by Hornetsecurity Support.
Activate Encryption Method
- Log in to the Control Panel.
- Select the desired customer in the area selection.
- Navigate to Email Security > Email Encryption > Encryption Methods.
- Activate the desired encryption method:
- S/MIME
- PGP
If the encryption method is not activated, it will not be applied even if valid certificates or keys are available.
Create Encryption Rule for Outgoing Emails
To encrypt outgoing emails, in certain cases an appropriate encryption rule must be created.
For S/MIME, an encryption rule is only necessary for users who are not listed under the S/MIME Users tab.
If a user is listed under the S/MIME Users tab, that user has a private S/MIME certificate. If the option “Encrypt if possible” is enabled for this user, outgoing encryption will be applied automatically as soon as a suitable public certificate of the recipient is available.
Note: The option “Encrypt if possible” overrides other configured encryption rules for outgoing S/MIME encryption.
For PGP as well as for S/MIME users without this option, an encryption rule must be created:
- Open the Email Security > Email Encryption > Outgoing Email Rules section in the Control Panel.
- Create a new rule for outgoing emails. Then select “Advanced” as the criterion.
- Select S/MIME or PGP as the encryption method.
- Specify for which senders, recipients, or domains the rule should apply.
- Save the rule.
Outgoing encryption is only applied if the rule conditions are met and a suitable public certificate or a suitable public key of the recipient is available.
Please note: After creating a rule, it takes about 30 minutes for it to be rolled out and active on all our servers.