SAP Knowledge Base Article - Public

3343368 - How to Setup S/MIME Encryption of Emails Between C4C and their Email Clients and/or SMTP Server


How to setup S/MIME encryption of emails between C4C and their email clients and/or SMTP server


 SAP Cloud for Customer

Reproducing the Issue


  1. Go to Business Configuration work center, select your project from the list, and click Open Activity List.
  2. Click Fine-Tune.
  3. Open E-Mail Encryption and Signature Check.
  4. In the list of incoming e-mails, set the Signature for SAP Cloud for Service: E-Mail Security, B2B Scenario and SAP Cloud for Service: E-Mail, B2C Scenario. Choose Check (and Reject if Untrusted) if you require a high level of security or Do Not Check if you do not have security requirements.
  5. In the list of outgoing e-mails, set the Encryption and Signature for SAP Cloud for Service: E-Mail Security, B2B Scenario and SAP Cloud for Service: E-Mail Security, B2C Scenario. The suggested settings are Encrypt if possible for Encryption and Sign for Signature.
  6. Save your settings.
  7. Activate your settings.
  8. Choose Administrator  Common Tasks  Configure S/MIME.
  9. Click Activate S/MIME.
  10. Select Check signature of Incoming E-Mails to encrypt incoming e-mails. Select Encrypt Outgoing E-Mails to encrypt outgoing e-mails. Select Signing Outgoing E-Mails for your solution to provide a signature to other systems.
  11. The settings you selected in Fine-Tuning will only be enabled if you activate them. If you do not activate your settings, your system will not have security enabled.
  12. Save your settings.


  1. Choose Configure S/MIME in the Administrator work center under Common Tasks.
  2. On the Incoming E-Mail tab, upload the CA certificates from all involved employees for the generic incoming e-mail addresses Business Task Management E-Mail Notifications.
  3. On the Outgoing E-Mail tab, install the system CA certificate in the e-mail client of the involved employee as follows:
  4. Click on Link to SAP CA and open the site SAP Trust Center Service  Root Certificates.
  5. Click on SAP Passport CA Certificate. A pop-up opens.
  6. Click Install Certificate and follow the wizard by clicking Next.
  7. Select Place all certificates in the following store and click Browse.
  8. Select Trusted Root Certification Authorities and click OK and then Next. Now the CA from the system is installed locally.
  9. Now activate the S/MIME. On the Activate S/MIME tab, select the options:
  10. Check Signature of Incoming E-Mails
  11. Encrypt Outgoing E-Mails (optional)
  12. Signing Outgoing E-Mails


  1. Scenario of incoming email to C4C: To decrypt encrypted emails received by it, you should download the S/MIME certificate of the corresponding C4C email address from the .Configure S/MIME screen and use it to encrypt the outgoing mails at your side.
  2. Scenario of outgoing email from C4C: To send encrypted email, you need to make sure corresponding S/MIME certificate of the email addresses are uploaded at Business Users ->Manage Certificates -> Upload S/MIME Certificate. You need to set the flag to encrypt outgoing emails by referring
  3.  S/MIME help (Applicable for C4C also):

See Also

S/MIME help (Applicable for C4C also): E-Mail Security | SAP Help Portal

Set Up Encryption for Inbound and Outbound Mails: Set Up Encryption for Inbound and Outbound Mails | SAP Help Portal


 S/MIME Encryption,  SMTP server, certificate for Incoming email and Key pair for Outgoing emails , KBA , s/mime encryption , smtp server , certificate for incoming email , key pair for outgoing emails , SRD-CC-SEC , Security , Problem


SAP Cloud for Customer core applications all versions