How can I configure e-mail and message security in Exchange Server 2003?
Exchange Server 2003 can work hand-in-hand with the Windows Server 2003 Certificate Authority (also known as CA) to provide message security by offering support for digital signatures and message encryption. Both forms of security will be discussed in a separate article, but what matters here is that both require a Digital Certificate to be issued to every user who will need to use these features.
In order to offer message security with Exchange Server 2003 you will first need to install and configure a CA in your domain.
Note: There may be scenarios where a company might opt to use Digital Certificates issued by a third party instead of creating its own, especially when that company’s users will be exchanging encrypted e-mail messages with users outside the company. This is because the outside users might not be willing to trust the company’s internal CA.
In order to install the CA you will first need to install IIS on a Windows Server 2003 computer. This server does NOT need to be the Exchange server, and in fact can be either one of your Domain Controllers or any member server. IIS is not installed as part of the default Windows Server 2003 installation.
To install the CA service perform the following steps:
By default, Exchange 2003 mailbox stores are set to support S/MIME messages; however, in some cases this setting might have been turned off.
If not already configured, to allow the mailbox stores to support S/MIME messages please perform the following steps:
After installing and configuring the CA on your domain you will now need to ask your users (at least those who will require message security) to enroll for a Digital Certificate.
In order to obtain a Digital Certificate from the CA please follow the steps outlined in the Obtain a Digital Certificate from an Online Certificate Authority (CA) article.
After obtaining a Digital Certificate from the CA you will now need to configure Outlook 2003 or Outlook Web Access (OWA) to use the new message security settings.
In order to configure Outlook 2003 to use the new message security settings please follow the steps outlined in the Configure Message Security in Outlook 2003 article.
In order to configure Outlook Web Access to use the new message security settings please follow the steps outlined in the Configure Message Security in OWA 2003 article.