We have a Windows 2003 Server with Exchange 2003 Enterprise and also the Microsoft Certificate Authority running without any problem at all... until a couple of weeks ago.
I understand that to be able to encrypt an email using the Digital Signature generated by our own Certificate Authority, first the user has to send his certificate and the recipient has to reply with his certificate. From that point on, both users can send encrypted email between them. That part has been working fine.
The problem we are having now is that somehow, some users can encrypt to a distribution list... And some members of that distribution list have not changed certificates with the sender... so some members are not able to read the email.
I understand that in Outlook, after selecting the distribution list, if the sender clicks on the + sign, the distribution list will expand and the email is no longer being sent to the distribution list, but instead it is sent to each member of that distribution list. This way the sender (as long as he has all certificates from the recipients) will be able to encrypt the email.
But this is not the case... The user is only typing SUPPORT@DOMAIN.COM, and is able to send it encrypted.
1) If it's only a distribution list, how is it possible that some users can encrypt to them?
2) How can I correct the situation so it does not keep happening?
Thanks for your help,