lgeccuex
asked on
Exchange level decryption
Greetings,
One of our vendors sends PKI encrypted emails to us using a public key we provided them. The certificate was generated by our internal CA and we simply exported the public key to them. The messages come from a single source, but there are multiple mailboxes that it sends to. We can receive the emails encrypted all the way to the recipient's mailbox, where the certificate obviously has to then be installed into Outlook to view the message. Keeping up with where and who has the certificate installed is an administrative nightmare. Is there a way to install the certificate on the Exchange server and have it decrypt the message before sending it to the recipient?
LGECCUEX
Do you have to install the cert in Outlook or do you simply install it on the workstation?
ASKER
We import it into Outlook (2007) using the Email Security section of the Trust Center.
Look here - I think that this is what you're looking for:
http://blogs.technet.com/b/exchange/archive/2008/04/23/3405402.aspx
ASKER
Unfortunately not. The problem is not with mail contacts or outgoing encrypted emails. We just can't seem to find a way to configure the Digital ID in Outlook from the backend. I tried attaching the cert to the AD user account but to no avail.
Unfortunately I can't test this, but I have to wonder what would happen if you just imported the certificate into the Trusted Root Authority (outside of Outlook) of the workstation and then test Outlook to see if it can open an encrypted message.
If that works, then I can provide instruction on how to set up a GPO to install the certificate.
So did importing the cert into the Trusted Root Authority have the same result as importing it in Outlook?
ASKER
Unfortunately not. We just have to suck it up and manually add the cert. Thanks though!
I'm sorry to hear that. You should request the points back... you didn't get a resolution.