We help IT Professionals succeed at work.

Email Encryption between two AD Forest by implementing internal Microsoft CA

Medium Priority
Last Modified: 2010-03-17
Can we send an encryption email between two AD Forest (vice versa) by implementing internal Microsoft CA.
E.g. abc.com domain have their own Enterprise or Standalone CA and xyz.com have their own Enterprise or Standalone CA
If can, how do the users for abc.com domain 'trust' the users from xyz.com domain? Is that something like this: abc.com domain users need to install xyz.com root certificate and xyz.com domain users need to install abc.com root certificate.
Is there any requrements to do on the servers level instead of at the client PC.

Watch Question

you can install your own self signed certificates in microsoft.  Once you have the certificates you can use that to encrypt email as long as the domain is trusted in your root domains.  If not then you just have to right click on the digital signature and trust that certificate.  

The receiver must have the public key (the digital signature you sent) and you must have theirs.  After that you can encrypt.

i usually install the certificates using the mmc snap in. pick user certificates


How do I install the self sign certificate?
Can you give the steps to do on domain abc.com and domain xyz.com e.g what to do on server level and what to do on both domain clients
go to this link.  it will give you step by step instructions


Explore More ContentExplore courses, solutions, and other research materials related to this topic.