Exchange 2007 Digital Signature S/MIME for OWA

We have Exchange 2007 SP3 on an old Server 2003 R2. The users are wanting to start sending digital signatures (encrypt their outgoing email to their clients). Right now I just want to focus on the OWA users. So all my users access the OWA by going to https://remote.mycompany.com/owa (where remote.mycompany.com is the same on the Certificate). When I go to send an email with it digitally signed I get the following error.
Send Error
I wanted to check the Certificate being used so I had to enable a registry entry...
Expanded HKLM\System\CurrentControlSet\services\MSExchangeOWA\SMIME
Right-clicked the SMIME key, clicked New and clicked DWORD (32-bit)
Named the new DWORD value AllowUserChoiceOfSigningCertificate
Double-clicked AllowUserChoiceOfSigningCertificate and set the value to 1.

I click Options > Email Security > click manually pick the certificate; it says none, and when I click "choose signing certificate..." there is nothing to choose; it's totally blank.
easyworksAsked:
easyworksAuthor Commented:
I saw this, but the steps are for Exchange 2013 and not 2007

http://windowsitpro.com/exchange-server/encryption-exchange-online-part-6
Amit KumarCommented:
You need to install the user certificate on the local system in the user account; when the user tries sending e-mail using S/MIME, it will ask which certificate to use to send the e-mail.

So generate a digital certificate on the basis of the e-mail address using your internal CA or an external CA.

easyworksAuthor Commented:
Ok, so each individual workstation that the users are on will need to generate a local CA?

The main thing I'm shooting for right now is all OWA, which I was hoping would be able to pull the certificate off the Exchange server. I guess this is not possible because I have no clue how ever I could generate a certificate for all the workstations.
Amit KumarCommented:
See if this article helps you
easyworksAuthor Commented:
I guess the reason why I can't sign signatures is I have not done the Certificate Enrollment wizard?
Amit KumarCommented:
True, you will have to generate a certificate for users.
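
An added diagnostic example, not part of the original thread: the answers above say the signing certificate has to sit in the user's own certificate store on the workstation, so this PowerShell sketch lists that store and reports why each certificate would or would not be offered for S/MIME signing. The `$Mailbox` default is a constructed placeholder, and the eligibility checks (private key, validity dates, Secure Email EKU, Digital Signature key usage, matching e-mail address) are general S/MIME requirements assumed here rather than taken from the thread.

```powershell
# Added example (not from the thread). Run as the affected user on the workstation
# used for OWA. $Mailbox is a constructed placeholder; pass the user's real address.
param([string]$Mailbox = 'user@mycompany.example')

$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # EKU OID for Secure Email (emailProtection)
$X509 = 'System.Security.Cryptography.X509Certificates'
$now  = Get-Date

$report = Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # Enhanced Key Usage: no EKU extension at all means the cert is valid for any purpose.
    $eku   = $cert.Extensions | Where-Object { $_ -is "$X509.X509EnhancedKeyUsageExtension" }
    $ekuOk = (-not $eku) -or
             (@($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $SecureEmailOid }).Count -gt 0)

    # Key Usage: when the extension is present, signing needs the DigitalSignature bit.
    $ku   = $cert.Extensions | Where-Object { $_ -is "$X509.X509KeyUsageExtension" }
    $kuOk = (-not $ku) -or
            (($ku.KeyUsages -band [Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature) -ne 0)

    # E-mail address bound to the certificate (subject E= or SAN rfc822Name).
    $email = $cert.GetNameInfo(
        [Security.Cryptography.X509Certificates.X509NameType]::EmailName, $false)

    New-Object PSObject -Property @{
        Thumbprint    = $cert.Thumbprint
        Email         = $email
        EmailMatches  = ($email -eq $Mailbox)          # -eq is case-insensitive
        HasPrivateKey = $cert.HasPrivateKey            # required to sign
        InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        SecureEmail   = $ekuOk
        DigitalSig    = $kuOk
    }
}

if (-not $report) {
    # An empty personal store means there is nothing for a certificate picker to list.
    Write-Output "No certificates in Cert:\CurrentUser\My for $env:USERNAME."
} else {
    $report | Select-Object Thumbprint, Email, EmailMatches, HasPrivateKey,
                            InValidity, SecureEmail, DigitalSig | Format-Table -AutoSize
}
```

A certificate is a usable signing candidate only when every column in its row is True; an empty store points back to enrolling a user certificate from the internal or external CA first.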