B) Configuring Outlook Clients to Sign and Encrypt E-mails

B.1) Verify Exchange is set to allow S/MIME signatures
1) Open up Exchange System Manager
   A) Navigate to the mailbox store that the users' mailboxes exist on
   B) Check the properties on the store to make sure "Clients support S/MIME signatures" is checked, see Figure 8 - Clients support S/MIME Option

Figure 8 - Clients support S/MIME Option

B.2) Outlook 2003
1) Confirm a certificate is installed locally on the client
   A) Run MMC.EXE
   B) Add the Certificates snap-in. If prompted, choose "My user account"
   C) Expand "Current User\Personal\Certificates"
      a) Confirm a certificate is shown with the intended purpose of "Secure Email"
2) If a certificate is not installed or you are not using Windows 2003 Enterprise Edition on your CA server, do the following
   A) Using the MMC Certificate snap-in
      a) On the client computer run MMC.EXE
      b) Add the Certificates snap-in. If prompted, choose for the current user
      c) Right click on "Current User\Personal" and choose "Request New Certificate..." from All Tasks
         1) Choose the User certificate type
         2) Enter the user's name for the friendly name
   B) Using the certificate server web-site
      - These steps may vary if your CA is running standard edition.
      a) On the client computer, start Internet Explorer when logged on as the user that needs to sign or encrypt e-mails
      b) Enter in http://<CertificateServer>/certsrv
         - Where <CertificateServer> is the name of the certificate server set up earlier; this requires that IIS is also set up on this server. It is best to create a DNS CNAME or alias for the certificate server, like cert.company.com, and have *.company.com added as a trusted site using GPOs.
         - If you are prompted to log in, make sure the user who needs the certificate logs in. If you add the certificate server as a trusted site, users will automatically be logged in.
      c) Click Request a certificate under Select a Task, and then click Next
      d) On the "Choose Request Type" page, click User Certificate, and then click Next
      e) On the "User Certificate - Identifying Information" page, click Submit
      f) On the "Certificate Issued" page, click Install this certificate
      g) You may be prompted with a security warning that the webpage is trying to install a certificate locally; click the correct option to allow this
3) Launch Outlook 2003 when logged on as the user
   A) Go to Tools\Options and click the Security tab
   B) Click on Settings and confirm "My S/MIME Setting..." is shown and click on OK, as shown in Figure 9 - Change Security Settings
      - No changes are needed on this page; clicking OK enables the certificate in Outlook.

Figure 9 - Change Security Settings

   C) Verify "My S/MIME Setting..." is now shown in the Default Setting: box as shown in Figure 10 - Outlook Security Options. Previously this box would have been blank and grayed out

Figure 10 - Outlook Security Options

   D) You can choose to always encrypt and digitally sign messages, but I would recommend not checking the first two options
      - Because we are using an internal CA, only those logging into the AD domain and forest that the CA server and auto-enrollment certificate GPO are set up in will be able to validate digital signatures and open encrypted e-mails by default. Other users, like those outside your organization, will not be able to open encrypted e-mails and will see a warning that any digitally signed e-mails do not contain a valid signature.
   E) Click OK
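
An added example, not part of the original guide: a PowerShell version of the check in step 1 of B.2. It lists the certificates in Current User\Personal that are usable for Secure Email and reports whether each has a private key, is within its validity period, and chains to a CA this client trusts (the internal-CA limitation noted under step 3 D). It assumes PowerShell 3.0 or later on the client; revocation checking is switched off so the check runs offline.

```powershell
# Added example (not from the original guide). Assumes PowerShell 3.0+.
# Audits Current User\Personal for certificates usable for S/MIME.
$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # "Secure Email" enhanced key usage
$now = Get-Date

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # Find the Enhanced Key Usage extension, if the certificate has one.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($ekuExt) {
        $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }

    # A certificate with no EKU extension is valid for all purposes.
    $forEmail = (-not $ekuExt) -or ($ekuOids -contains $SecureEmailOid)
    if (-not $forEmail) { return }   # skip to the next certificate

    # Build the chain against the trust stores of this user and machine.
    # A client outside the domain will not have the internal root CA,
    # so ChainTrusted is False there and signatures show as invalid.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline check only
    $trusted = $chain.Build($cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    [PSCustomObject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        InValidity    = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
        HasPrivateKey = $cert.HasPrivateKey   # required to sign and to decrypt
        ChainTrusted  = $trusted
        ChainStatus   = $status               # empty when the chain is clean
    }
} | Format-List
```

If nothing is listed, no Secure Email certificate is installed for the user and step 2 applies. A certificate with HasPrivateKey False can be used by others to encrypt to the user but cannot sign or decrypt on this client.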