S/MIME support for Exchange Outlook Web Access (OWA) was introduced in Exchange 2003. In Exchange 2007 SP1, we are adding S/MIME support back and making it more reliable and powerful. Below is a short introduction to S/MIME and simple end-to-end steps for using S/MIME with OWA on Exchange Server 2007 SP1.

Introduction

The S/MIME feature in OWA is about secure messaging: enabling OWA to send and receive signed and encrypted email. Signed messages allow the recipient to verify that the message came from the person that the message claims to be from. Encrypted messages allow the sender to ensure that only the intended recipients can read messages that are sent to them. While it's true that the message is unreadable to anyone who might intercept it while in transit, it is also true that even the Exchange administrator cannot read these messages.

Install the S/MIME control

You need to install the S/MIME control to use S/MIME in OWA. Here's how you do it:

1) Launch IE and log in to OWA.
2) In the main window, navigate to the Options page (top of the page on the right).
3) Click "E-Mail Security" and click "Download the Outlook Web Access 2007 S/MIME control".
4) Follow the installation steps.

Get a certificate

You need to get an email certificate to send and receive signed/encrypted messages. Note: if you sign a message without encrypting it, the message will be viewable by someone who intercepts it in transit. To get a certificate, you can either:
- Get a certificate from the certificate authority service in your organization. Contact your IT department for that.
- Get a certificate from a public certificate authority service, for example:
  - Comodo: http://www.comodo.com/products/certificate_services/email_certificate.html
  - VeriSign: https://digitalid.verisign.com/cgi-bin/OEenroll.exe?name=&email=
- One is shown if the signature is valid. The icon is followed by the email address of the signer.
- The other is shown if the signature is invalid.
- The third icon is shown if the signature is valid but the certificate that was used to sign the message has expired.
- Insert your smart card if your email certificate is stored on your smart card.
- Open the encrypted message.
- You may be prompted with a dialog to enter the PIN of the smart card if your email certificate is on the smart card. If so, enter the PIN and click "ok".
- The encrypted message will be shown in the message window.
- Insert your smart card if the email certificate is stored on your smart card.
- Compose a new message.
- Click the "signed" button on the message window toolbar.
- Send the message. You may be prompted with a dialog to enter the PIN of your smart card if your email certificate is on your smart card. If so, enter the PIN and click "ok".
- Insert your smart card if the email certificate is stored on your smart card.
- Compose a new message.
- Click the "encrypted" button on the message window toolbar.
- Send the message. You may be prompted with a dialog to enter the PIN of your smart card if your email certificate is on your smart card. If so, enter the PIN and click "ok".
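
The note in the certificate section, that a signed-only message stays readable in transit while an encrypted one does not, can be seen from the MIME structure of the message alone. The Python sketch below is an added example, not part of the original post or of OWA; the sample messages, the addresses and the `classify` helper are constructed for illustration.

```python
from email import message_from_string

# Constructed samples; the base64 bodies are placeholders, not real CMS data.
SIGNED_ONLY = """\
From: alice@example.com
To: bob@example.com
Subject: Q3 numbers
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Revenue is up 4 percent.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--b1--
"""
ENCRYPTED = """\
From: alice@example.com
To: bob@example.com
Subject: Q3 numbers
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
"""

def classify(raw):
    """Return (protection, body_confidential, text_visible_in_transit)."""
    msg = message_from_string(raw)
    # Any text/* part can be read by whoever relays or intercepts the message.
    visible = [p.get_payload(decode=True).decode("ascii", "replace").strip()
               for p in msg.walk() if p.get_content_maintype() == "text"]
    ctype = msg.get_content_type()
    smime_type = str(msg.get_param("smime-type", "")).lower()
    if ctype == "multipart/signed" or smime_type == "signed-data":
        return "signed", False, visible      # clear- or opaque-signed: not encrypted
    if ctype == "application/pkcs7-mime" and smime_type == "enveloped-data":
        return "encrypted", True, visible    # body travels as ciphertext only
    return "none", False, visible

if __name__ == "__main__":
    print(classify(SIGNED_ONLY), classify(ENCRYPTED))
```

Headers such as Subject travel in the clear in both cases; only the body is covered by the encryption.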
You Had Me at EHLO.