No announcement yet.

Remote User Email Certificates

  • Filter
  • Time
  • Show
Clear All
new posts

  • Remote User Email Certificates

    We are running exchange 2003, windows 2003 with certsrv

    We are trying to find a way to publish encryption certificates s to our remote laptop users, they can connect in via a vpn, so can update via GAL.

    There is two options I can see for this.

    1. Use get digital ID using outlook 2003 ( I have tryed researching this method but how found little to no guides, can anyone advise me to a good resource?)

    2.Using a service like Comodo (

    I Like how comodo publishes certs with a link to download sent in a email as we want to make this easy for the remote user as alot of them strugle with IT but would prefer an in house option.

    So what im trying to ask in a nutshell.

    Is using get digital id from out certsrv the correct method? can anyone advise me how to do this, i cant find any guides or information!

    Is there any inhouse options like comodo we can addon to our certserv?

  • #2
    Re: Remote User Email Certificates

    Assuming I understand you correctly, and you want the ability to send encrypted email via Exchange, all you need is a User certificate from your CA. By default they are designed to be used for Secure Email amongst other things. This technet article should help with Autoenrollment, which IMO is the best option. You can guide users through requesting a certificate with the MMC and the Certificates snap-in, but most users would struggle with that to be honest and anyway it's not something I'd want most users knowing how to do.

    The alternative is that your users VPN and browse to http://servernam/certsrv where servername is the name of the machine running the CA. Off the top of my head it's quite a simple process to request a cert, can't check as my laptop is Windows 7 and we haven't updated the website to allow Vista and higher clients to request certs as yet.

    Edit: Just RDPd to the Server and ran through the Wizard, it's a very simple process using the website so probably requires the least administrative effort.
    Last edited by cruachan; 2nd March 2010, 17:29.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    Cruachan's Blog