Hello Experts, 

We have enabled SMIME settings(Open activity config- E-Mail Encryption and Signature Check) in C4C to allow digital signature emails only from customers. 

After activating the above settings, still emails sent by the customers are blocked by SAP and they are getting email notification 'Signature verification failed'.

Couple of questions:

1. Though we activated the SMIME settings why SAP is blocking those emails?

2. Do we need to share the SAP CA certificate maintained in open activity config 'Load Certificates and Activate Signing and Encryption for E-Mails' to the customers? If that is the case do they need to upload the certificate in their email server before they send digital signature emails? or 

3. Do we need to upload the SAP CA certificate in our internal O365 servers as the emails are forwarded from our internal mail servers?

4. Any other settings that we are missing except the SMIME settings in two open activity configurations 'E-Mail Encryption and Signature Check' & 'Load Certificates and Activate Signing and Encryption for E-Mails'.

I am sure you might have came across this scenario, please let me know your thoughts and possible solution.