One of our vendors sends PKI encrypted emails to us using a public key we provided them. The certificate was generated by our internal CA and we simply exported the the public key to them. The messages come from a single source, but there are multiple mailboxes that it sends too. We can receive the emails encrypted all the way to the receipiant's mailbox, where the certificate obviously has to then be installed into Outlook to view the message. Keeping up with where and who has the certificate installed is an administrative nightmare. Is there a way to install the certificate on the Exchange server and have it decrypt the message before sending it to the receipiant?