S/MIME POINT_TO_POINT

We have an Exchange 2010 CAS server, and OWA is allowed to all users.
The CAS server is using a third-party trusted certificate (SAN).
I was asked to find a way to configure the server so users can communicate with a partner company via encrypted email.
I thought of using S/MIME. Reading some tech notes, I found that both parties should use certificates and each should know the other's public key if we go for S/MIME.
Do the experts up there know a solution to accomplish this with S/MIME?
Do I have to install certificates for users from the third party from which I got the SAN certificate for the CAS server?
In that case, do we have to buy a certificate for each computer/user? Say, for example, we have 100 users, and so does the partner company.
sara2000 asked:

arnold commented:
You can have a local CA on each end and exchange the public portion of the CA certificates; each side will need to add it as a trusted CA.
Then each will issue user certificates. The users / the recipients will need to exchange public
Internally, an AD-integrated CA will have the certificates, so communication within could be via encrypted .....

Each user needs a certificate, the public portion of which needs to be in a shared directory on each end.

Another reading of "encrypted" mail could deal with the transport between the servers,
i.e. connections between the two servers use an encrypted channel while the messages themselves are not encrypted.

SSL- or TLS-based connections.
sara2000 (Author) commented:
Arnold,
Thank you for your quick reply.
I have a question regarding "exchange public portion": how do we do that?
I hope you do not mind shedding some light on this?
Is it something where both parties buy a trusted certificate from one source and install it on our internal CA?
arnold commented:
One option is that each side buys user certificates issued by trusted sources, and then each recipient's public certificate needs to be added and included in the directory listing of both firms.
It would be rather expensive to buy a CA issuing certificate from a public issuer.
I.e. buying 100 user certificates once every year or two years would be cheaper.

The other deals with using an internal issuing CA, and each side will add the other's public CA certificate as a trusted root CA within their organization.
Then there is the same issue of having each side's recipients, with their public certificates, added to the other's recipient book/listing.
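The internal-CA option described above boils down to two administrative steps on each side: trust the partner's CA, and publish each partner recipient's public certificate in your own directory so the GAL can supply it for encryption. The following PowerShell, written as an added example for this thread and not taken from it or from Microsoft documentation, does both for an Exchange 2010 / AD environment; the file paths, the partner domain and the convention of naming each exported certificate after the recipient's SMTP address are assumptions.

```powershell
# Added example (not from the thread). Assumptions: the partner's root CA export is at
# C:\partner\PartnerRootCA.cer, each partner user's public S/MIME certificate is exported
# as C:\partner\usercerts\<smtp address>.cer, and each partner user already exists as a
# mail contact in our Exchange 2010 organization. Run from the Exchange Management Shell
# on a machine with the ActiveDirectory module, as an Enterprise Admin.

# Step 1: publish the partner's root CA into AD so every domain-joined client trusts it
# (the "add the other's public CA certificate as trusted root CA" step above).
certutil -dspublish -f "C:\partner\PartnerRootCA.cer" RootCA

# Step 2: attach each partner recipient's public certificate to their mail contact.
# Outlook and OWA read the userCertificate attribute from the GAL when encrypting.
Import-Module ActiveDirectory

foreach ($file in Get-ChildItem "C:\partner\usercerts\*.cer") {
    $smtp = $file.BaseName                          # e.g. jdoe@partner.example (assumed naming)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file.FullName

    # Only publish certificates that are still valid and usable for encryption:
    # an expired or signing-only certificate would make encryption fail for senders.
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "$smtp : certificate expired $($cert.NotAfter), skipped"; continue
    }
    $ku = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    if ($ku -and -not ($ku.KeyUsages -band
        [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::KeyEncipherment)) {
        Write-Warning "$smtp : key usage does not allow Key Encipherment, skipped"; continue
    }

    # Confirm the certificate chains to a CA we trust (i.e. the root published in step 1
    # after it has propagated); anything else is not a certificate we should publish.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    if (-not $chain.Build($cert)) {
        Write-Warning "$smtp : does not chain to a trusted CA, skipped"; continue
    }

    $contact = Get-MailContact -Filter { ExternalEmailAddress -eq "SMTP:$smtp" } -ErrorAction SilentlyContinue
    if (-not $contact) { Write-Warning "$smtp : no mail contact found, skipped"; continue }

    # Replace (not append) so a renewed certificate supersedes the old one.
    Set-ADObject -Identity $contact.DistinguishedName -Replace @{ userCertificate = $cert.RawData }
    Write-Host "$smtp : published certificate with thumbprint $($cert.Thumbprint)"
}
```

The partner runs the same procedure with your root CA export and your users' certificates; nothing here touches private keys, which never leave each user's own mailbox profile.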
