Symptom
How to setup S/MIME encryption of emails between C4C and their email clients and/or SMTP server
Environment
SAP Cloud for Customer
Reproducing the Issue
Configuring
- Go to Business Configuration work center, select your project from the list, and click Open Activity List.
- Click Fine-Tune.
- Open E-Mail Encryption and Signature Check.
- In the list of incoming e-mails, set the Signature for SAP Cloud for Service: E-Mail Security, B2B Scenario and SAP Cloud for Service: E-Mail, B2C Scenario. Choose Check (and Reject if Untrusted) if you require a high level of security or Do Not Check if you do not have security requirements.
- In the list of outgoing e-mails, set the Encryption and Signature for SAP Cloud for Service: E-Mail Security, B2B Scenario and SAP Cloud for Service: E-Mail Security, B2C Scenario. The suggested settings are Encrypt if possible for Encryption and Sign for Signature.
- Save your settings.
- Activate your settings.
- Choose Administrator Common Tasks Configure S/MIME.
- Click Activate S/MIME.
- Select Check signature of Incoming E-Mails to encrypt incoming e-mails. Select Encrypt Outgoing E-Mails to encrypt outgoing e-mails. Select Signing Outgoing E-Mails for your solution to provide a signature to other systems.
- The settings you selected in Fine-Tuning will only be enabled if you activate them. If you do not activate your settings, your system will not have security enabled.
- Save your settings.
Enabling
- Choose Configure S/MIME in the Administrator work center under Common Tasks.
- On the Incoming E-Mail tab, upload the CA certificates from all involved employees for the generic incoming e-mail addresses Business Task Management E-Mail Notifications.
- On the Outgoing E-Mail tab, install the system CA certificate in the e-mail client of the involved employee as follows:
- Click on Link to SAP CA and open the site SAP Trust Center Service Root Certificates.
- Click on SAP Passport CA Certificate. A pop-up opens.
- Click Install Certificate and follow the wizard by clicking Next.
- Select Place all certificates in the following store and click Browse.
- Select Trusted Root Certification Authorities and click OK and then Next. Now the CA from the system is installed locally.
- Now activate the S/MIME. On the Activate S/MIME tab, select the options:
- Check Signature of Incoming E-Mails
- Encrypt Outgoing E-Mails (optional)
- Signing Outgoing E-Mails
Resolution
- Scenario of incoming email to C4C: To decrypt encrypted emails received by it, you should download the S/MIME certificate of the corresponding C4C email address from the .Configure S/MIME screen and use it to encrypt the outgoing mails at your side.
- Scenario of outgoing email from C4C: To send encrypted email, you need to make sure corresponding S/MIME certificate of the email addresses are uploaded at Business Users ->Manage Certificates -> Upload S/MIME Certificate. You need to set the flag to encrypt outgoing emails by referring https://help.sap.com/docs/SAP_CLOUD_FOR_CUSTOMER/5f35ee8b31e44f2786d7c2696defa2f6/bb35ebd125a04c3e92e16287e32c05ee.html?locale=en-US
- S/MIME help (Applicable for C4C also): https://help.sap.com/docs/SAP_BUSINESS_BYDESIGN/0635ec3491974ad988be05d6b1dcf734/2bce9183722d1014a911d1295bbe154b.html?locale=en-US
See Also
S/MIME help (Applicable for C4C also): E-Mail Security | SAP Help Portal
Set Up Encryption for Inbound and Outbound Mails: Set Up Encryption for Inbound and Outbound Mails | SAP Help Portal
Keywords
S/MIME Encryption, SMTP server, certificate for Incoming email and Key pair for Outgoing emails , KBA , s/mime encryption , smtp server , certificate for incoming email , key pair for outgoing emails , SRD-CC-SEC , Security , Problem
Product
SAP Cloud for Customer core applications all versions