• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 318
  • Last Modified:

Email Encryption between two AD Forest by implementing internal Microsoft CA

Can we send an encryption email between two AD Forest (vice versa) by implementing internal Microsoft CA.
E.g. abc.com domain have their own Enterprise or Standalone CA and xyz.com have their own Enterprise or Standalone CA
If can, how do the users for abc.com domain 'trust' the users from xyz.com domain? Is that something like this: abc.com domain users need to install xyz.com root certificate and xyz.com domain users need to install abc.com root certificate.
Is there any requrements to do on the servers level instead of at the client PC.

  • 2
1 Solution
you can install your own self signed certificates in microsoft.  Once you have the certificates you can use that to encrypt email as long as the domain is trusted in your root domains.  If not then you just have to right click on the digital signature and trust that certificate.  

The receiver must have the public key (the digital signature you sent) and you must have theirs.  After that you can encrypt.

i usually install the certificates using the mmc snap in. pick user certificates

aihaiaiAuthor Commented:
How do I install the self sign certificate?
Can you give the steps to do on domain abc.com and domain xyz.com e.g what to do on server level and what to do on both domain clients
go to this link.  it will give you step by step instructions


Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now