S/MIME and certificate

sara2000 asked
New to Exchange 2010. I have a question regarding the encryption.
We have Exchange 2010 and the CAS server, and it has an SSL SAN installed.
If we want to enable S/MIME in end users' Outlook,
do we have to install a third-party trusted certificate?
Will we be OK with an internal CA and installing the certificate to users via AD?

SAN for connection encryption and S/MIME are two different things.
However, in general you should now always go with a third-party certificate from a reliable provider.

Self-signed certificates really are not a good idea unless you have a fully published PKI, and if you had that you would not be asking the question.




Thank you for your reply.
I am having a problem understanding SSL and S/MIME.
Hope you will point me in the correct direction.
I noticed that one SAN certificate has been installed on all four CAS servers (maybe exported or copied).
When you say third party from a trusted source, say, for example, we have 100 Outlook clients.
Are we able to install one certificate on all 100 users' computers, like on the CAS servers?

You need to read the links.
You have Outlook Anywhere, OWA, ActiveSync.
Each one uses SSL and S/MIME in a different way.
SSL encrypts the communication between the client and the server.
S/MIME allows you to encrypt the individual messages.

If you just want to encrypt your connections between client and server, you need one third-party SAN cert on the server, and nothing on the clients because they can find the certificate authority on the Internet.

If you want the client to be able to encrypt the mail as well as the connection, then you have to have a certificate that the client can use to encrypt the message, and the recipient has to be able to access the certificate to decrypt the message.
This is much harder to do.
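
The difference between the server's SAN certificate and a per-user S/MIME certificate shows up in the certificate's Extended Key Usage, e-mail name and private key. The following PowerShell is an added example, not part of the thread; the function name `Get-CertMailRole` and its output columns are hypothetical, and it only reads certificates from the local Windows certificate stores.

```powershell
# Added example: report whether each certificate fits TLS on the server or S/MIME in Outlook.
# The two OIDs are the standard Extended Key Usage identifiers.
$EkuServerAuth  = '1.3.6.1.5.5.7.3.1'   # Server Authentication (SSL/TLS)
$EkuSecureEmail = '1.3.6.1.5.5.7.3.4'   # Secure Email (S/MIME)

function Get-CertMailRole {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]

        # Collect the EKU OIDs, if the certificate carries an EKU extension at all.
        $ekuExt = $Certificate.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $ekus = @()
        if ($ekuExt) { $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

        # A certificate with no EKU extension is not restricted to any purpose.
        $unrestricted = -not $ekuExt

        # E-mail and DNS names are read from the subject or the Subject Alternative Name.
        $email = $Certificate.GetNameInfo($nameType::EmailName, $false)
        $dns   = $Certificate.GetNameInfo($nameType::DnsName,   $false)

        $tlsOk  = $unrestricted -or ($ekus -contains $EkuServerAuth)
        $mailOk = $unrestricted -or ($ekus -contains $EkuSecureEmail)

        New-Object PSObject -Property @{
            Subject     = $Certificate.Subject
            DnsName     = $dns
            EmailName   = $email
            SelfIssued  = ($Certificate.Subject -eq $Certificate.Issuer)
            HasKey      = $Certificate.HasPrivateKey
            NotAfter    = $Certificate.NotAfter
            # TLS needs a server-auth purpose and a DNS name the clients connect to.
            FitsTls     = ($tlsOk -and [bool]$dns)
            # S/MIME needs a secure-email purpose, the user's address, and the user's own key.
            FitsSmime   = ($mailOk -and [bool]$email -and $Certificate.HasPrivateKey)
        }
    }
}

# Server side (run on a CAS): the SAN certificate should show FitsTls = True.
Get-ChildItem Cert:\LocalMachine\My | Get-CertMailRole | Format-List
# Client side (run as the Outlook user): each user needs an own entry with FitsSmime = True.
Get-ChildItem Cert:\CurrentUser\My  | Get-CertMailRole | Format-List
```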