Implementing S/MIME and PGP on Exchange Server 2007 SP3

Posted on 2013-10-02
Last Modified: 2013-10-03
Hi all,

How can we implement S/MIME to encrypt the email going through the Exchange Server 2007? I need to do this for certain types of email address destinations as this is my client's requirement, so I wonder what the effect would be on the other clients who do not need to implement S/MIME?

What's the difference in implementing it with PGP?

Accepted Solution

Dave Howe earned 2000 total points
ID: 39542472
While it is possible to implement both through Exchange, it is strongly recommended you don't - both S/MIME and PGP are effectively email client technologies, and are best integrated into Outlook rather than Exchange.

Regardless of how you implement, it is impossible to send an encrypted mail to someone you don't have an encryption key for, so there will be no effect on other correspondents.

Ok, now that we have THAT out of the way....

S/MIME is effectively the same technology that secures HTTPS websites and TLS listeners - it is X.509 certificate based, and as with HTTPS, you have the choice of going with a Certificate Authority (and paying per year for each email account) or issuing your own using the Microsoft CA built into enterprise class Windows Server. Exchange facilitates that for you, by having an autoenrollment system where a user can be issued with a (company signed) certificate automatically. See this URL for further details.

This key is used by the user for receiving encrypted mail and digitally signing mail. For the other side of the coin (sending encrypted mail) you need the public certificate of the intended recipient - the easiest way to obtain that is to accept a signed mail from the intended recipient, and import the certificate from there.

Now, PGP.

PGP is a similar system, but the file format is different and key management is completely different - there is no central issuing authority; each user creates their own keys and decides whom to trust or not trust on an individual basis. Outlook does not natively support PGP, but the company that owns the commercial product does supply an Outlook plugin with their solution. They also sell the universal gateway product (which sits between Exchange and the internet and encrypts/decrypts transparently) but that is very expensive.

On the open source side, the equivalent program is called GNU Privacy Guard (GPG) and is a command line tool. Plugins exist for Outlook to use this tool, but some are proprietary or only work with specific releases of Outlook (2003 IIRC) - a list can be found here.

Again, the recipient needs a key to decrypt and sign, and the public key of the intended recipient in order to send encrypted mail or verify signatures (GPG does not send the public key with signed mail, so you need to exchange keys manually or use one of the many internet key servers to search for the key).

If you have any follow-up questions, feel free to post below and we will do our best to explain further :)

Author Closing Comment

by:Senior IT System Engineer
ID: 39545177
Thanks Dave! You are amazingly clear in explaining things to me :-)
