Solved

Exchange level decryption

Posted on 2012-08-13
Last Modified: 2012-08-20
Greetings,

One of our vendors sends PKI encrypted emails to us using a public key we provided them.  The certificate was generated by our internal CA and we simply exported the public key to them.  The messages come from a single source, but there are multiple mailboxes that it sends to.  We can receive the emails encrypted all the way to the recipient's mailbox, where the certificate obviously has to then be installed into Outlook to view the message.  Keeping up with where and who has the certificate installed is an administrative nightmare.  Is there a way to install the certificate on the Exchange server and have it decrypt the message before sending it to the recipient?

Question by:lgeccuex
10 Comments
 
LVL 12

Accepted Solution

by:
mlongoh earned 1500 total points
ID: 38290450
Probably not.  Why not use a GPO that's Group Filtered to automatically install the certificate to the appropriate users?  Once built and tested, all you'd have to do is add the user to the group.
0
 

Author Comment

by:lgeccuex
ID: 38292741
Where in the Outlook admin GPO template would I find that setting?  I cannot seem to find a setting for it.
0
 
LVL 12

Expert Comment

by:mlongoh
ID: 38292753
Do you have to install the cert in Outlook or do you simply install it on the workstation?
0

 

Author Comment

by:lgeccuex
ID: 38292819
We import it into Outlook (2007) using the Email Security section of the Trust Center.
0
 
LVL 12

Expert Comment

by:mlongoh
ID: 38293157
Look here - I think that this is what you're looking for:
http://blogs.technet.com/b/exchange/archive/2008/04/23/3405402.aspx
0
 

Author Comment

by:lgeccuex
ID: 38293707
Unfortunately not.  The problem is not with mail contacts or outgoing encrypted emails.  We just can't seem to find a way to configure the Digital ID in Outlook from the backend.  I tried attaching the cert to the AD user account but to no avail.
0
 
LVL 12

Expert Comment

by:mlongoh
ID: 38296105
Unfortunately I can't test this, but I have to wonder what would happen if you just imported the certificate into the Trusted Root Authority (outside of Outlook) of the workstation and then test Outlook to see if it can open an encrypted message.

If that works, then I can provide instruction on how to set up a GPO to install the certificate.
0
 
LVL 12

Expert Comment

by:mlongoh
ID: 38312793
So did importing the cert into the Trusted Root Authority have the same result as importing it in Outlook?
0
 

Author Comment

by:lgeccuex
ID: 38312800
Unfortunately not.  We just have to suck it up and manually add the cert.  Thanks though!
0
 
LVL 12

Expert Comment

by:mlongoh
ID: 38313030
I'm sorry to hear that.  You should request the points back... you didn't get a resolution.
0
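
An added example, not from the thread: decrypting S/MIME mail needs the certificate's private key in the user's Personal store, which a copy in Trusted Root does not supply, so this PowerShell check reports per user whether the workstation holds the certificate in a form Outlook can decrypt with. The thumbprint is a placeholder and the function name `Get-SmimeDecryptionStatus` is hypothetical.

```powershell
# Added example: inventory check for the shared S/MIME decryption certificate.
# Placeholder value; substitute the thumbprint of the certificate issued by your CA.
$ExpectedThumbprint = '<THUMBPRINT-OF-SHARED-CERT>'

function Get-SmimeDecryptionStatus {
    param(
        [Parameter(Mandatory = $true)] [string] $Thumbprint
    )

    $normalized = ($Thumbprint -replace '\s', '').ToUpperInvariant()
    $x509 = 'System.Security.Cryptography.X509Certificates'
    $keyEncipherment = [Enum]::Parse([Type]"$x509.X509KeyUsageFlags", 'KeyEncipherment')

    # Outlook reads Digital IDs from the current user's Personal store.
    $personal = @(Get-ChildItem -Path Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -eq $normalized })

    # A copy in a Root store only affects chain trust; it carries no private key.
    $root = @(Get-ChildItem -Path Cert:\CurrentUser\Root, Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $normalized })

    $hasKey = $false; $usageOk = $false; $valid = $false
    if ($personal.Count -gt 0) {
        $cert = $personal[0]
        $hasKey = $cert.HasPrivateKey
        $now = Get-Date
        $valid = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)

        # No Key Usage extension means usage is unrestricted.
        $usage = $cert.Extensions |
            Where-Object { $_.GetType().FullName -eq "$x509.X509KeyUsageExtension" } |
            Select-Object -First 1
        $usageOk = (-not $usage) -or (($usage.KeyUsages -band $keyEncipherment) -ne 0)
    }

    New-Object PSObject -Property @{
        Computer          = $env:COMPUTERNAME
        User              = $env:USERNAME
        InPersonalStore   = ($personal.Count -gt 0)
        HasPrivateKey     = $hasKey
        KeyEncipherment   = $usageOk
        WithinValidity    = $valid
        OnlyInRootStore   = ($root.Count -gt 0) -and ($personal.Count -eq 0)
        CanDecrypt        = $hasKey -and $usageOk -and $valid
    }
}

Get-SmimeDecryptionStatus -Thumbprint $ExpectedThumbprint
```

Run it in the user's own session (for example from a logon script) so that `Cert:\CurrentUser` refers to the mailbox owner; a row with `OnlyInRootStore` set to true identifies a machine where the certificate was imported without its private key.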
