Exchange level decryption

lgeccuex asked:
Greetings,

One of our vendors sends PKI encrypted emails to us using a public key we provided them.  The certificate was generated by our internal CA and we simply exported the public key to them.  The messages come from a single source, but there are multiple mailboxes that it sends to.  We can receive the emails encrypted all the way to the recipient's mailbox, where the certificate obviously has to then be installed into Outlook to view the message.  Keeping up with where and who has the certificate installed is an administrative nightmare.  Is there a way to install the certificate on the Exchange server and have it decrypt the message before sending it to the recipient?

LGECCUEX

Commented:
Probably not.  Why not use a GPO that's Group Filtered to automatically install the certificate to the appropriate users?  Once built and tested, all you'd have to do is add the user to the group.

Author

Commented:
Where in the Outlook admin GPO template would I find that setting?  I cannot seem to find a setting for it.

Commented:
Do you have to install the cert in Outlook or do you simply install it on the workstation?

Author

Commented:
We import it into Outlook (2007) using the Email Security section of the Trust Center.

Commented:
Look here - I think that this is what you're looking for:
http://blogs.technet.com/b/exchange/archive/2008/04/23/3405402.aspx

Author

Commented:
Unfortunately not.  The problem is not with mail contacts or outgoing encrypted emails.  We just can't seem to find a way to configure the Digital ID in Outlook from the backend.  I tried attaching the cert to the AD user account but to no avail.

Commented:
Unfortunately I can't test this, but I have to wonder what would happen if you just imported the certificate into the Trusted Root Authority (outside of Outlook) of the workstation and then test Outlook to see if it can open an encrypted message.

If that works, then I can provide instructions on how to set up a GPO to install the certificate.

Commented:
So did importing the cert into the Trusted Root Authority have the same result as importing it in Outlook?

Author

Commented:
Unfortunately not.  We just have to suck it up and manually add the cert.  Thanks though!

Commented:
I'm sorry to hear that.  You should request the points back... you didn't get a resolution.
