Using Certificates for OWA outgoing mail


  • Using Certificates for OWA outgoing mail

    Hi guys,

    Perhaps it is already written in the instructions somewhere, but if it is I can't find it yet.

    I was reading http://www.petri.com/configure_messa...n_owa_2003.htm in order to configure Outlook Web Access to use digital certificates to Sign and to Encrypt outgoing messages. The article specifically says that you must first "apply for, receive and install a Digital Certificate designated for this purpose" and then says "please see the Related Articles section at the bottom of this page."

    Keep in mind that I DO like to look it up myself first.

    I looked through the related articles and didn't find what I need.

    I have the IIS and OWA/OMA using SSL certificates just fine and I connect to the server using HTTPS to see the mail. I have applied for and received a digital certificate I would like to use. I followed the instructions in the article mentioned above concerning the download of the latest S/MIME from the exchange server to the workstation I am using.

    What I don't see is how I am supposed to install the digital certificate so that exchange knows to use that certificate for that user.

    So, if somebody could point me at the right place, I'd like to try this little feature.

  • #2
    Re: Using Certificates for OWA outgoing mail

    "Note: Before being able to encrypt or sign messages you will need to apply for, receive and install a Digital Certificate designated for this purpose"

    Means that you must have any kind of token / smart card or any device that can contain your private certificate.
    CNE 5, CCA, MCSE NT4.0-2003, MCSE 2003 messaging, Exchange Server MVP.
    Tzahi Kolber - IT Supervisor
    Polycom Israel.



    • #3
      Re: Using Certificates for OWA outgoing mail

      >> you must have any kind of token / smart card <<

      I did that.

      I have a certificate issued by Thawte, and I have another one from Equifax, both standard root CAs.

      What I don't understand is how to insert one of these certificates into OWA in order to get OWA to send signed emails.



      • #4
        Re: Using Certificates for OWA outgoing mail

        Maybe this will help...

        http://www.microsoft.com/technet/pro...a644c8c80.mspx
        Be sure to expand this section to see what it covers and what applies to your situation (I've noticed that Firefox doesn't work too well with TechNet's site)

        http://www.microsoft.com/technet/pro...3838c7f7f.mspx

        You can browse around this online book
        http://www.microsoft.com/technet/pro....mspx?mfr=true
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com



        • #5
          Re: Using Certificates for OWA outgoing mail

          Jeremy,

          The link you gave was excellent info, and now that I understand the structure and methods of OWA using certificates, I am closer to a solution. I still want to read through the entire document you pointed me to, but thought I would post a follow-up at this point.

          I still have a problem, but not the problem I thought I had.

          It turns out that the signing certificate is NOT installed on the exchange server that is hosting OWA. When you send or reply to an email and click on the button to sign the email, the OWA/Exchange server asks the IE6 program on your PC to supply the signing certificate. So I was wrong about trying to install it on the server.

          The problem I am having is that when logged in to OWA, after clicking on the download button under options the S/MIME control appears to install properly, but when I try to reply to or send a message I still do not have the two extra buttons (Sign or Encrypt) available in the message window.

          This may be due to all the extra garbage that is loaded on to the PC I have here at work, and I will test on other PCs to see if the problem is duplicated. I work by day at an accounting firm, and there are all sorts of add-ons that are part of oddball accounting packages that are loaded onto work PCs. These add-ons may be interfering with the normal operation of the S/MIME control that is supposed to be installed as part of the OWA package.

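Post #5 above notes that the signing certificate is supplied by the workstation, not by the Exchange server hosting OWA. The following is an added example, not part of the original thread: a PowerShell check of whether the current user's Personal certificate store on the workstation holds a certificate usable for S/MIME. The mailbox address is a constructed placeholder, the function name is hypothetical, and it is an assumption that the browser control reads certificates from this store.

```powershell
# Added example: list certificates in the current user's Personal store and
# report whether each one looks usable for S/MIME signing from this workstation.
$Mailbox        = 'user@example.com'    # constructed placeholder address
$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # id-kp-emailProtection ("Secure Email")

function Test-SmimeCandidate {          # hypothetical helper name
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Address
    )
    $now = Get-Date

    # Enhanced Key Usage: if the extension is absent the certificate is not
    # restricted by purpose; if present it must list Secure Email.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOk = (-not $eku) -or
             [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $SecureEmailOid })

    # E-mail address carried in the certificate (subject or subject alternative name).
    $certAddress = $Cert.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::EmailName, $false)

    [pscustomobject]@{
        Subject        = $Cert.Subject
        Thumbprint     = $Cert.Thumbprint
        HasPrivateKey  = $Cert.HasPrivateKey   # signing needs the private key locally
        InValidity     = ($Cert.NotBefore -le $now -and $now -le $Cert.NotAfter)
        SecureEmailEku = $ekuOk
        AddressMatches = ($certAddress -ieq $Address)
        ChainBuilds    = $Cert.Verify()        # chain validation with the default policy
    }
}

Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Test-SmimeCandidate -Cert $_ -Address $Mailbox } |
    Format-Table -AutoSize
```

A certificate that shows `False` for `HasPrivateKey` was imported without its key and cannot be used to sign, whatever the server configuration.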


          • #6
            Can NOT install the OWA S/MIME control

            OK I have been through the TechNet instructions completely and have a pretty good handle on what I am doing and how certificates are supposed to work with OWA. I have tried the same operation to install the S/MIME control from OWA on other PCs that have just the basics installed and without firewall issues. I have also compared the server in question to other similar servers.

            Here's the problem now - the S/MIME control downloads just fine and apparently installs on each workstation, but when I go back to the options page I do NOT get the changed Email Security section that allows you to encrypt or sign messages by default


            and I do not get the two added icons in a send message window as is illustrated below.



            When I browse to an identical OWA server elsewhere, it works as advertised so I think the workstation settings are OK. I suspect there is something wrong at the server, but can't find what it might be.

            At one point, I do remember seeing a setting where you could select either S/MIME or Exchange Server security for messages, but for the life of me I can't remember where that was. It is possible that I saw that in an Outlook client, not on the server itself.

            So, to sum up. It's not the workstations or programs loaded and it's not the firewall as best as I can tell. It seems to be a problem with the OWA server itself.

            Ideas?



            • #7
              Re: Can NOT install the OWA S/MIME control

              Originally posted by rderby:
              "At one point, I do remember seeing a setting where you could select either S/MIME or Exchange Server security for messages, but for the life of me I can't remember where that was. It is possible that I saw that in an Outlook client, not on the server itself."

              That setting was, if I remember correctly, on previous versions of Exchange. Ex2003 can be configured to support SMIME on the store properties, and it is enabled by default. Was that what you were looking for?
              Cheers,

              Daniel Petri
              Microsoft Most Valuable Professional - Active Directory Directory Services
              MCSA/E, MCTS, MCITP, MCT



              • #8
                Re: Using Certificates for OWA outgoing mail

                > Was that what you were looking for? <

                Good guess, but no. I found that one and it is indeed enabled. What I was looking for was two lines on a properties page with radio buttons so you could select one or the other.

                The first line was something like "Clients use S/MIME security"
                The second was something like "Exchange handles security"

                I've been all over the server, in AD, in IIS manager, and in Exchange System Manager and didn't find it, so maybe it was Outlook installed on a workstation at home when I was searching and testing.



                • #9
                  Found the answer to one question

                  I found the answer to one question, but still have not solved the original problem.

                  The location where you could select either S/MIME or Exchange Server Security is in the Outlook Client under Tools/Options/Security/Settings/Cryptography Format.

                  Could be the rest of the part about radio buttons and so forth was under a different Outlook Client or in the dusty regions of my imagination.

                  I am still looking for the reason I can not install the S/MIME control from this server.



                  • #10
                    Problem solved

                    Final follow up to this problem.

                    I fixed the problem but don't know why it happened in the first place.

                    Last night I got the chance to get my hands on the server in person and I applied Exchange Service Pack 2 (E3SP2ENG.EXE) and then the security update (Exchange2003-KB916803-x86-ENU.exe) for that service pack.

                    After rebooting the server, I tested and was able to install the S/MIME control with the expected results.
