Secure Messaging with S/MIME and OWA on Exchange Server 2007 SP1
Published Aug 20 2007 03:19 PM

S/MIME support for Exchange Outlook Web Access (OWA) was introduced in Exchange 2003. In Exchange 2007 SP1, we are adding S/MIME support back and making it more reliable and powerful. Below is a short introduction to S/MIME and simple end-to-end steps for using S/MIME with OWA on Exchange Server 2007 SP1.

Introduction
The S/MIME feature in OWA is about secure messaging: enabling OWA to send and receive signed and encrypted email. Signed messages allow the recipient to verify that the message came from the person that the message claims to be from. Encrypted messages allow the sender to ensure that only the intended recipients can read messages that are sent to them. An encrypted message is unreadable to anyone who might intercept it while in transit, and even the Exchange administrator cannot read these messages.

Install the S/MIME control
You need to install the S/MIME control to use S/MIME in OWA. Here's how you do it:
  1. Launch IE and log in to OWA.
  2. In the main window, navigate to the Options page (top of the page on the right).
  3. Click "E-Mail Security" and click "Download the Outlook Web Access 2007 S/MIME control".
  4. Follow the installation steps.

Get a certificate
You need to get an email certificate to send and receive signed/encrypted messages. Note: if you sign a message without encrypting it, the message will be viewable by someone who intercepts it in transit. To get a certificate, you can either:

  1. Get a certificate from the certificate authority service in your organization. Contact your IT department for that.
  2. Get a certificate from a public certificate authority service.
There are several public services issuing email certificates (e.g. Comodo, VeriSign). The choice of certificate authority is up to the user. Note: Comodo currently provides a free email certificate without a trial period expiration. Once you have requested an email certificate from a certificate authority (e.g. Comodo), you will receive an email informing you how to get and install the certificate on your local machine. If the certificate enrollment completes successfully, your certificate, with its private key, will be installed on your computer (or on your smart card, depending on the template you select).

Working with signed or encrypted messages in Exchange 2007 SP1 OWA
After installing the S/MIME control and getting an email certificate, you will be able to read, send, encrypt and sign messages in OWA.

Reading and verifying a signed message
Open a signed message. In the message window, you can verify the signature by reading the "Signed By" information. This link tells you whether the signature is valid and who signed the message. On the "Signed by" line, there can be a few icon options:
  • One is shown if the signature is valid. The icon is followed by the email address of the signer.
  • The other is shown if the signature is invalid.
  • The third icon is shown if the signature is valid but the certificate that was used to sign the message has expired.
Clicking the "more information" link in a message will display a dialog with certificate information. If the signature is valid, the dialog will show you additional details about the signature, such as who sent the mail, who the signer is identified as, and which certificate authority issued the certificate. If the signature is invalid, the dialog will show you why the signature is invalid.

Reading an encrypted message
  • Insert your smart card if your email certificate is stored on your smart card.
  • Open the encrypted message.
  • You may be prompted with a dialog to enter the PIN of the smart card if your email certificate is on the smart card. If so, enter the PIN and click "ok".
  • The encrypted message will be shown in the message window.
Sending a signed message
  • Insert your smart card if the email certificate is stored on your smart card.
  • Compose a new message.
  • Click the "signed" button on the message window toolbar.
  • Send the message. You may be prompted with a dialog to enter the PIN of your smart card if your email certificate is on your smart card. If so, enter the PIN and click "ok".
Sending an encrypted message
  • Insert your smart card if the email certificate is stored on your smart card.
  • Compose a new message.
  • Click the "encrypted" button on the message window toolbar.
  • Send the message. You may be prompted with a dialog to enter the PIN of your smart card if your email certificate is on your smart card. If so, enter the PIN and click "ok".
- Chongwen Xie
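
A check for the "Get a certificate" step above, as an added example that is not part of the original post: this PowerShell script inspects the current user's Personal certificate store and reports, for each certificate, whether it has a private key, is within its validity period, and permits Secure Email use. The function name Test-SmimeCertificate and the output property names are made up for this example, and the key-usage check assumes an RSA certificate.

```powershell
# Added example (not from the original post): report which certificates in the
# current user's Personal store are usable for S/MIME signing and decryption.
$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # Secure Email (emailProtection) EKU

function Test-SmimeCertificate {        # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $x509 = 'System.Security.Cryptography.X509Certificates'
    $eku = $Cert.Extensions | Where-Object { $_ -is [type]"$x509.X509EnhancedKeyUsageExtension" }
    $ku  = $Cert.Extensions | Where-Object { $_ -is [type]"$x509.X509KeyUsageExtension" }
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
    $now = Get-Date

    # A certificate without an EKU extension is not restricted to specific purposes.
    $emailEku = (-not $eku) -or
        [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $SecureEmailOid })

    # Signing needs digitalSignature; receiving encrypted mail with an RSA key
    # needs keyEncipherment. No key-usage extension means no restriction.
    $canSign    = (-not $ku) -or (($ku.KeyUsages -band $flags::DigitalSignature) -ne 0)
    $canDecrypt = (-not $ku) -or (($ku.KeyUsages -band $flags::KeyEncipherment) -ne 0)

    [pscustomobject]@{
        Email          = $Cert.GetNameInfo('EmailName', $false)   # address in the certificate
        Issuer         = $Cert.GetNameInfo('SimpleName', $true)   # issuing CA
        NotAfter       = $Cert.NotAfter
        HasPrivateKey  = $Cert.HasPrivateKey
        InValidity     = ($Cert.NotBefore -le $now) -and ($now -le $Cert.NotAfter)
        SecureEmailEku = $emailEku
        CanSign        = $canSign
        CanDecrypt     = $canDecrypt
        Thumbprint     = $Cert.Thumbprint
    }
}

# Certificates without a private key can verify or encrypt to others,
# but cannot sign your mail or decrypt mail sent to you.
Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Test-SmimeCertificate $_ } |
    Format-List
```

A certificate that shows HasPrivateKey, InValidity and SecureEmailEku as True, with an Email value matching your mailbox address, is a candidate for signing and decrypting.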

Last update: Jul 01 2019 03:30 PM