Exchange level decryption

Greetings,

One of our vendors sends PKI encrypted emails to us using a public key we provided them.  The certificate was generated by our internal CA and we simply exported the public key to them.  The messages come from a single source, but there are multiple mailboxes that it sends to.  We can receive the emails encrypted all the way to the recipient's mailbox, where the certificate obviously has to then be installed into Outlook to view the message.  Keeping up with where and who has the certificate installed is an administrative nightmare.  Is there a way to install the certificate on the Exchange server and have it decrypt the message before sending it to the recipient?

lgeccuexAsked:
 
mlongohCommented:
Probably not.  Why not use a GPO that's Group Filtered to automatically install the certificate to the appropriate users?  Once built and tested, all you'd have to do is add the user to the group.
0
 
lgeccuexAuthor Commented:
Where in the Outlook admin GPO template would I find that setting?  I cannot seem to find a setting for it.
0
 
mlongohCommented:
Do you have to install the cert in Outlook or do you simply install it on the workstation?
0

 
lgeccuexAuthor Commented:
We import it into Outlook (2007) using the Email Security section of the Trust Center.
0
 
mlongohCommented:
Look here - I think that this is what you're looking for:
http://blogs.technet.com/b/exchange/archive/2008/04/23/3405402.aspx
0
 
lgeccuexAuthor Commented:
Unfortunately not.  The problem is not with mail contacts or outgoing encrypted emails.  We just can't seem to find a way to configure the Digital ID in Outlook from the backend.  I tried attaching the cert to the AD user account but to no avail.
0
 
mlongohCommented:
Unfortunately I can't test this, but I have to wonder what would happen if you just imported the certificate into the Trusted Root Authority (outside of Outlook) of the workstation and then test Outlook to see if it can open an encrypted message.

If that works, then I can provide instructions on how to set up a GPO to install the certificate.
0
 
mlongohCommented:
So did importing the cert into the Trusted Root Authority have the same result as importing it in Outlook?
0
 
lgeccuexAuthor Commented:
Unfortunately not.  We just have to suck it up and manually add the cert.  Thanks though!
0
 
mlongohCommented:
I'm sorry to hear that.  You should request the points back... you didn't get a resolution.
0
Question has a verified solution.
