• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 257
  • Last Modified:

Signing certificates.

Hi,
I have a group of users sharing an exchange mailbox and need to provide them with with a signing cet' .
Thing is I dont want to let them have access to the cert.
The mailbox is located on dedicated exchange server (it could just the same be on an exchange 2007 box if that is the case)..IIs there a way to implement digital sigening for all outging mail on an exchange server in general (or for a mailbox specificly) regardless of the user that sends?
In other words - the user would even be oblivious to the fact..?
0
Elad-a
Asked:
Elad-a
  • 3
  • 3
  • 2
1 Solution
 
AbhijeetNigamCommented:
you can enable TLS on your SMTP gateway that will send mails signed at the SMTP gateway. So In this case user has no access to certificate

http://www.google.co.in/search?hl=en&q=how+to+enable+TLS+exchange+2007&meta=&aq=f&oq=
0
 
Elad-aAuthor Commented:
Thanks for your response.
Once I implement that, what will the recipient (external to my organization) see, a signed Email?
The idea is that Id like the server to do the signing instead of the users within outlook (also I dont want the cert to be individual per user but per server or mailbox). And Id like all mail items that come out of that server to sign -so the recipient that receives a mail item from that account or server knows for a fact that it comes from my organization.
Thanks
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
MesthaCommented:
TLS doesn't sign emails. It is a server to server communication protocol. The content isn't touched. The recipient will not know that the message was transferred in that way unless they look at the headers.

If you want to sign the message then it needs to be done client side, which means the users will need to have the certificate in their Outlook.

Simon.
0
 
Elad-aAuthor Commented:
:-) thats exactly what i want to avoid.
0
 
MesthaCommented:
I don't think you can. The message needs to be signed at the point of creation before it is passed in the message transport system. The whole point of messaging signing is that the sender knows the message hasn't be interfered with.

Simon.
0
 
Elad-aAuthor Commented:
Ya, I know. im looking for a way to get that done without client side intervention..
Is ther maybe a way to policy a cert onto a user account (without user interventilon at all)?
Or script it into their working environment (without user interventilon at all)?
Thanks

Jason.
0
 
MesthaCommented:
I am not aware of any way that you can.
It might be possible to sign all emails, but that is all, certainly using native tools.

Simon.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now