Our company is wanting to begin e-mail encryption and I’m the one to do it, but only have a vague idea of where to start. I’ve read about various methods, but without the funds or luxury of ample testing time, I must revert to the hands-on experience of those other than myself for projects I’ve never tackled.
Do I just purchase an SSL certificate from GoDaddy and install it on the Exchange server without setting up Certificate Authority (CA)on the local server? We can’t afford thousands of dollars here…we’re hoping to buy one certificate if this is possible.
Once the certificate is installed and I’ve solved this first step, I’m sure I can manage to find tutorials on how to configure Exchange 2003, BUT I’m not sure how I would go about doing the rest. Do I have to BUY a certificate for each office employee? or is that what CA is for? Also, how do outside companies handle the encrypted messages once received? Do they get prompted to accept my certificate or can their admin globally accept our certificate so their facility isn’t always clicking YES to accept a certificate every time they open and e-mail from our company’s employees?
Thanks a ton! I don’t want to try one of the many scenarios out there only to find I’ve created a monster or just plain done the wrong thing….