S/MIME point-to-point

We have an Exchange 2010 CAS server; OWA is allowed for all users.
The CAS server is using a third-party trusted certificate (SAN).
I was asked to find a way to configure the server so users can communicate with a partner company via encrypted email.
I thought of using S/MIME. Reading some tech notes, I found that both parties should use certificates and each should know the other's public key if we go for S/MIME.
Do the experts up there know a solution to accomplish this with S/MIME?
Do I have to install certificates for users from the third party where I got the SAN certificate for the CAS server?
If that is the case, do we have to buy a certificate for each computer/user? For example, we have 100 users, and so does the partner company.
sara2000 asked:
arnold commented:
The option is that each side buys user certificates issued by trusted sources, and then each recipient's public certificate needs to be added and included in the directory listing of both firms.
It would be rather expensive to buy a CA-issuing certificate from a public issuer.
I.e. buying 100 user certificates once every year or two would be cheaper.

The other option deals with using an internal issuing CA, and each side will add the other's public CA certificate as a trusted root CA within their organization.
Then the same issue applies: the recipients on each side need their public certificate added to the other's recipient book/listing.
arnold commented:
You can have a local CA on each end and exchange the public portion of the CA certificates, where each side will need to add it as a trusted CA.
Then each will issue user certificates. The users, the recipients, will need to exchange public
Internally, an AD-integrated CA will have the certificates, so communication within could be via encrypted .....

Each user needs a certificate, the public portion of which needs to be in a shared directory on each end.

Another reading of "encrypted" mail could deal with the transport between the servers,
i.e. connections between the two servers use an encrypted channel while the messages themselves are not encrypted.

SSL- or TLS-based connections.
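The local-CA arrangement described in the answer above, as an added example that is not part of the thread: each firm runs its own CA, hands over only the public CA certificate, issues its own user certificates, and the sender encrypts to the partner recipient's published certificate. Firm names, users, the .example domains and unprotected demo keys are constructed assumptions; it needs only the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the thread): two firms each run a local CA, exchange
# only the public CA certificate, issue their own user certificates, and then
# S/MIME-encrypt to the partner's published user certificate. Requires openssl.
# Firm names, users and the .example domains are constructed for the demo.
set -eu
WORK=$(mktemp -d)
cd "$WORK"

# Create a firm's self-signed CA and issue one user certificate from it.
# In practice the CA key stays inside the firm; only $firm-ca.crt is shared.
make_firm() {
  firm=$1; user=$2
  openssl req -x509 -newkey rsa:2048 -nodes -days 730 \
    -subj "/CN=$firm Internal CA" -keyout "$firm-ca.key" -out "$firm-ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=$user/emailAddress=$user@$firm.example" \
    -keyout "$user.key" -out "$user.csr" 2>/dev/null
  openssl x509 -req -in "$user.csr" -CA "$firm-ca.crt" -CAkey "$firm-ca.key" \
    -CAcreateserial -days 365 -out "$user.crt" 2>/dev/null
}

# The check each side runs before trusting a partner's user certificate:
# does it chain to the CA certificate the partner handed over out of band?
verify_partner_cert() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Encrypt a message to a recipient's public certificate (all the sender holds),
# then decrypt with the recipient's private key and print the plaintext.
smime_roundtrip() {
  recipient_crt=$1; recipient_key=$2
  printf '%s\n' "$3" > plain.txt
  openssl smime -encrypt -binary -aes256 -in plain.txt -out msg.p7m "$recipient_crt"
  openssl smime -decrypt -in msg.p7m -recip "$recipient_crt" -inkey "$recipient_key"
}

make_firm firmA alice
make_firm firmB bob

# firmA trusts bob only because firmB's CA certificate was exchanged.
if verify_partner_cert firmB-ca.crt bob.crt; then
  echo "bob.crt chains to firmB's CA: trusted"
fi
if ! verify_partner_cert firmA-ca.crt bob.crt; then
  echo "bob.crt does not chain to firmA's CA: rejected without the exchange"
fi
echo "alice -> bob recovered: $(smime_roundtrip bob.crt bob.key 'quarterly figures attached')"
```

The same two files per user (public .crt published to the partner, private .key kept local) are what the directory listing on each side has to carry for every recipient.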
sara2000 (author) commented:
Arnold,
Thank you for your quick reply.
I have a question regarding "exchange the public portion": how do we do that?
I hope you do not mind shedding some light on this?
Is it something where both parties buy a trusted certificate from one source and install it on our internal CA?