Using PKI Certificates with Outlook

Guest

<Previously posted in m.p.o.contacts but no replies there...>

The Company recently implemented PKI certs to digitally sign and/or
encrypt email. Questions I have:

I thought a user should be able to publish her/his Public Key to the
GAL so others could import and use it? In other words, if I wanted to
send an encrypted email to a user, I should be able to retrieve
her/his Public key from the GAL entry and encrypt the message and
attachments. The user retrieving that email would employ her/his
Private key to decrypt.

But the way ours is set up (I think), the user has to send me a
digitally signed email first, and then I have to store the key in my
Address Book.

IMHO, keeping an Address Book kind of defeats the purpose of having the
GAL on the Exchange Server. Now I have multiple entries for each
person - just to be able to use the PKI cert.

(I do understand I probably need the Address Book entry as a container
for correspondents external to the Company, not on our Exchange server
or its affiliated trusted domains.)

What am I missing as far as The GAL and PKI certs?

TIA!

/Lac/
 
Wen Sun [MSFT]

Dear Lac,

Thank you for your post!

Based on my research and testing, we should be able to encrypt the message
with the public key retrieved from the GAL directly instead of saving it
locally. I am not sure how you implemented your PKI system, but I suggest
you follow the article below to make sure the Exchange 2003-Based Message
Security System is implemented correctly:

Exchange Server 2003 Message Security Guide
http://www.microsoft.com/downloads/details.aspx?familyid=2305405C-FAF1-488A-A856-AD467BB59B26&displaylang=en

If the problem persists, I would like to collect the following information
for further analysis:

1. Can OWA work?
2. If you use Outlook 2003, does it work if Cached Exchange Mode is
disabled?
3. What is the error message when you send an encrypted message?

I hope it helps and I am looking forward to your reply!

Thanks & regards,

Wen Sun
Microsoft Online Partner Support
MCP, MCP+I, MCSE,

Get Secure! - www.microsoft.com/security

====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
Business-Critical Phone Support (BCPS) provides you with technical phone
support at no charge during critical LAN outages or "business down"
situations. This benefit is available 24 hours a day, 7 days a week to all
Microsoft technology partners in the United States and Canada.

This and other support options are available here:
BCPS:
https://partner.microsoft.com/US/technicalsupport/supportoverview/40010469

Others: https://partner.microsoft.com/US/technicalsupport/supportoverview/

If you are outside the United States, please visit our International
Support page:
http://support.microsoft.com/default.aspx?scid=/international.aspx.

This posting is provided "AS IS" with no warranties, and confers no rights.
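
One way to check the point in the reply above, whether a recipient's certificate is actually published on their directory entry so that Outlook can find it through the GAL (added example, not part of the original posts or of Microsoft's guide). It assumes the RSAT ActiveDirectory PowerShell module and read access to the userCertificate and userSMIMECertificate attributes; the function name and the account name jdoe are hypothetical.

```powershell
# Added example: list the certificates published on a user's directory entry
# and flag whether each one is usable for S/MIME encryption.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.Security   # provides SignedCms for PKCS#7 parsing

function Get-PublishedMailCert {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user  = Get-ADUser -Identity $SamAccountName `
                        -Properties userCertificate, userSMIMECertificate
    $found = @()

    # userCertificate: one DER-encoded X.509 certificate per attribute value.
    foreach ($raw in $user.userCertificate) {
        $c = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$raw)
        $found += [pscustomobject]@{ Source = 'userCertificate'; Cert = $c }
    }

    # userSMIMECertificate: PKCS#7 blobs that carry one or more certificates.
    foreach ($blob in $user.userSMIMECertificate) {
        try {
            $cms = New-Object System.Security.Cryptography.Pkcs.SignedCms
            $cms.Decode([byte[]]$blob)
            foreach ($c in $cms.Certificates) {
                $found += [pscustomobject]@{ Source = 'userSMIMECertificate'; Cert = $c }
            }
        } catch {
            Write-Warning "Could not decode a userSMIMECertificate value: $_"
        }
    }

    foreach ($f in $found) {
        # A certificate without Key Encipherment can sign but not receive encrypted mail.
        $ku = $f.Cert.Extensions |
              Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
        $enc = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment
        [pscustomobject]@{
            Source     = $f.Source
            Subject    = $f.Cert.Subject
            Thumbprint = $f.Cert.Thumbprint
            NotAfter   = $f.Cert.NotAfter
            Expired    = $f.Cert.NotAfter -lt (Get-Date)
            CanEncrypt = [bool]($ku -and ($ku.KeyUsages -band $enc))
        }
    }
}

# Hypothetical account name; an empty result means nothing is published for this user.
Get-PublishedMailCert -SamAccountName 'jdoe' | Format-Table -AutoSize
```

An empty result, or only rows where CanEncrypt is False or Expired is True, means senders have no usable encryption certificate to pick up from the directory for that user.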
 
Wen Sun [MSFT]

Hi,

Did my explanation in my previous post address your problem regarding the
PKI issue? Please drop me a note if you need further assistance.

Thank you for your time.
Have a good day!

Thanks & regards,

Wen Sun
Microsoft Online Partner Support
MCP, MCP+I, MCSE,

 
Guest

Thank you for your replies, Wen. I've been off the group for a couple
of days - just now catching up! I am not the Admin guy but I will
check that MS article and see what I can find out.

Our certs are issued on SmartCards, by the way, which must be inserted
whenever encrypting an email. I don't believe the SmartCard needs to
be inserted for Digitally Signing the email after the cert has been
imported from the SmartCard into the PC.

I'll check some more at work tomorrow. Thanks for volunteering to
help!

/Lac/
 
Wen Sun [MSFT]

Hi Lac,

Thank you for your reply. If you have any update on this particular issue,
don't hesitate to let me know by posting back here. Looking forward to your
feedback.

Have a nice day!

Thanks & regards,

Wen Sun
Microsoft Online Partner Support
MCP, MCP+I, MCSE,

 
Wen Sun [MSFT]

Dear Lac,

Are you fine with the thread? Please drop me a note if you need further
assistance.

Thank you for your time.

Have a good day!

Thanks & regards,

Wen Sun
Microsoft Online Partner Support
MCP, MCP+I, MCSE,
