Search the Petri IT Knowledgebase

The Unofficial M365 Changelog

Sponsors

Podcasts

Learning Center
search icon

close

Icon for Latest Whitepaper

Latest Whitepaper

Choosing an MFA Solution for Your Active Directory Environment? Ask These 15 Questions.
Icon for On-Demand Webinar

On-Demand Webinar

Combating Cyberattacks in 2022: Prepare to Defend Your Active Directory
Icon for Upcoming Conference

Upcoming Conference

GET-IT Microsoft Cloud Security and Compliance 1-Day Virtual Conference
Icon for Ebook

Ebook

The Forrester New Wave™: SaaS Application Data Protection, Q4 2021

Home

Exchange Server

Configure Message Security in Exchange 2003

Daniel Petri

 |

Jan 7, 2009

How can I configure e-mail and message security in Exchange Server 2003?

Exchange Server 2003 can work hand-in-hand with the Windows Server 2003 Certificate Authority (also known as CA) to provide message security by offering support for digital signatures and message encryption. Both forms of security will be discussed in a separate article, but what is important to us is the fact that both require the presence of a Digital Certificate to be issued for any user how will need to use these features.
In order to offer message security with Exchange Server 2003 you will first need to install and configure a CA in your domain.
Note: There may be scenarios where a company might opt to use 3rd party issued Digital Certificates instead of creating their own, especially when that company’s users will be dealing with out-of-the-company users, exchanging encrypted e-mail messages between themselves and these outside users. This is because the outside users might not be willing to trust the company’s internal CA.

Step 1: Install the IIS Service

In order to install the CA you will first need to install IIS on a Windows Server 2003 computer. This server does NOT need to be the Exchange server, and in fact can either be one of your Domain Controllers or any member server. On Windows Server 2003 IIS is not installed with the default Windows 2003 installation.

advertisment

  1. Click Start > Control Panel > Add or Remove Programs.
  2. In Add or Remove Programs, click Add/Remove Windows Components.
  3. Under Components, click on Application Server (but do NOT select it) and press on the Details button.
  4. In the Application Server window click to select IIS and click Ok.

 

  1. Click Next

 

  1. After the wizard completes the installation, click Finish.

Step 2: Install the CA Service

To install the CA service perform the following steps:

  1. Click Start > Control Panel > Add or Remove Programs.
  2. In Add or Remove Programs, click Add/Remove Windows Components.
  3. Under Components, select Certificate Services.

 

advertisment

  1. You will get a warning about domain membership and computer renaming constraints, and then click Yes.

 

  1. On the CA Type page, click Enterprise root CA, and then click Next.

 

  1. On the CA Identifying Information page, in the Common name for this CA box, type the name of the server, and then click Next.

 

  1. On the Certificate Database Settings page, accept the defaults in the Certificate database box and the Certificate database log box, and then click Next.

 

advertisment

  1. You will get a prompt to stop Internet Information Services, click Yes.
  2. Enable Active Server Pages (ASPs), by clicking Yes.
  3. When the installation process is completed click Finish.

Step 3: Configure the Exchange mailbox stores to support S/MIME messages

By default Exchange 2003 mailbox stores are set to support S/MIME messages, however, in some cases this setting might have been turned off.
If not already configured, to allow the mailbox stores to support S/MIME messages please perform the following steps:

  1. Open the Exchange System Manager.
  2. Expand Administrative Groups > First Administrative Group > Servers > Your Server Name > First Storage Group > Mailbox Store (Server Name). Right-click the mailbox store and select Properties.
  3. On the Properties tab, check that the Clients support S/MIME signatures check box is selected.

 

  1. Repeat the above steps for every mailbox store on that server, and also for any other mailbox stores found on any of your other Exchange servers.

Step 4: Obtain a User Digital Certificate from the CA

After installing and configuring the CA on your domain you will now need to ask your users (at least those who will require message security) to enroll for a Digital Certificate.
In order to obtain a Digital Certificate from the CA please follow the steps outlined in the Obtain a Digital Certificate from an Online Certificate Authority (CA) article.

Step 5: Configure Outlook 2003 or Outlook Web Access (OWA) to use message encryption and signature

After obtaining a Digital Certificate from the CA you will now need to configure Outlook 2003 or Outlook Web Access (OWA) to use the new message security settings.
In order to configure Outlook 2003 to use the new message security settings please follow the steps outlined in the Configure Message Security in Outlook 2003 article.
In order to configure Outlook Web Access to use the new message security settings please follow the steps outlined in the Configure Message Security in OWA 2003 article.

Related articles

You might also want to read the following related articles:

More from Daniel Petri

Microsoft's Blunder: Upgrade to Office 2016 and Lose Skype for Business

Windows 10 Ignoring the Hosts File for Specific Name Resolution

Resolving "Namespace is already defined' Group Policy Error in Windows 10

advertisment

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

advertisment

More in Exchange Server

M365 Changelog: Get-AdvancedThreatProtectionDocumentReport and Get-AdvancedThreatProtectionDocumentDetail to be retired

May 24, 2022 | Petri Staff

M365 Changelog: (Updated) Microsoft Defender for Office 365: Updates to URL Protection Report

May 24, 2022 | Petri Staff

M365 Changelog: Safe Links Global Settings Migrated to Custom Policies

May 20, 2022 | Petri Staff

Windows Logo

Microsoft to Ship Some Exchange Server Security Updates in .EXE Packages

May 11, 2022 | Rabia Noureen

M365 Changelog: Exchange Transport Rule Report moving to the new Exchange Admin Center (EAC) from the Security and Compliance Center

Apr 22, 2022 | Petri Staff

Datacenter networking servers

Hive Ransomware Group Attacks Vulnerable Microsoft Exchange Servers

Apr 22, 2022 | Rabia Noureen

Most popular on petri

X

Log in to save content to your profile.

Login

Sign Up

Username/Email

Password

Forgot Password?

Login

Article saved!

Access saved content from your profile page. View Saved

Reach out

Contact Us

Advertising

About Us

Media Kit

Learn More

Podcasts

Learning Center

Webinars

Sitemap

Windows

Cloud

Office 365

Servers

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use

 |

Privacy Policy