How to send encrypted mail to external users

  • How to send encrypted mail to external users

    2003 Server AD Domain
    Exchange 2003 server
    Outlook 2003 & OWA clients

    I have just set up a 2003 server CA and am now using it to send encrypted mail within our network. How can I send encrypted mail to users outside our company? I understand that they cannot accept a certificate from our internal CA, or can they? If so, how?

    I would like to provide all company employees with the ability to send digitally signed and encrypted mail; however, a few may need to send encrypted mail to non-company employees. For these people, could I get external certificates for them to use just for this purpose?

    What would be the best way to set this up? Any suggestions would be welcomed.

  • #2
    Re: How to send encrypted mail to external users

    You can send encrypted mail to anyone in the world, but for that to happen you need to make sure the following is true:

    1) Make your users' computers trust the root CA of the opposite organization, and their organization's users to trust your root CA. This can be done by sending the root CA digital certificate to them, and telling their admin to import it to their computers via GPO. Then you do the same with their root CA digital certificate. If this is done on a non-regular and non-organization-wide basis, then you can do a trick like this one:

    http://cert.petri.co.il

    see that it'll prompt you to install the root CA digital certificate, and if you do so, you will thus trust my internal root CA.

    2) Exchange Public Keys between the users that want to encrypt mail. If you want to encrypt mail for me, you will need to obtain MY Public Key, and for me to reply in an encrypted way, I will need your Public Key. If we are in 2 different organizations, we need to manually exchange those keys. If we were in the same organization, we could have used an internal DB (i.e. AD) to host these keys.

    Hope this helps.
    Cheers,

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services
    MCSA/E, MCTS, MCITP, MCT
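
Added example, not part of the original posts: a PowerShell check an admin could run for both steps in reply #2, verifying a partner's root CA certificate and a correspondent's encryption certificate before trusting either. It assumes PowerShell 5.1 or later; the file names and the thumbprint are placeholders, and the function names are hypothetical.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Placeholders: get the thumbprint from the partner's admin over a channel
# other than the e-mail or web page that delivered the .cer file.
$RootPath      = '.\partner-root.cer'
$RecipientPath = '.\recipient.cer'
$ExpectedThumb = '<THUMBPRINT-CONFIRMED-OUT-OF-BAND>'

function Get-VerifiedRoot([string]$Path, [string]$Expected) {
    $root = [X509Certificate2]::new((Resolve-Path $Path).Path)
    if ($root.Subject -ne $root.Issuer) { throw "Not self-signed: $($root.Subject)" }
    if ((Get-Date) -gt $root.NotAfter)  { throw "Root expired on $($root.NotAfter)" }
    $want = ($Expected -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($root.Thumbprint -ne $want) { throw "Thumbprint mismatch: $($root.Thumbprint)" }
    $root
}

function Test-EncryptionCert([X509Certificate2]$Cert, [X509Certificate2]$Root) {
    $chain = [X509Chain]::new()
    [void]$chain.ChainPolicy.ExtraStore.Add($Root)
    # The root is not in the trusted store yet, so tolerate an unknown CA here
    # and pin the top of the chain to the verified root below.
    $chain.ChainPolicy.VerificationFlags = [X509VerificationFlags]::AllowUnknownCertificateAuthority
    # Revocation checking keeps its default (Online): the issuing CA's CRL must
    # be reachable from this machine or Build() returns $false.
    if (-not $chain.Build($Cert)) {
        throw "Chain invalid: $(($chain.ChainStatus | ForEach-Object Status) -join ', ')"
    }
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    if ($top.Thumbprint -ne $Root.Thumbprint) { throw "Chains to a different root: $($top.Subject)" }

    # A signing-only certificate cannot be used to encrypt mail to its owner.
    $ku   = $Cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    $need = [X509KeyUsageFlags]::KeyEncipherment -bor [X509KeyUsageFlags]::KeyAgreement
    if ($ku -and [int]($ku.KeyUsages -band $need) -eq 0) {
        throw 'Key usage does not permit encryption'
    }
    $eku = $Cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    if ($eku -and -not ($eku.EnhancedKeyUsages | Where-Object Value -eq '1.3.6.1.5.5.7.3.4')) {
        throw 'EKU does not include Secure Email (1.3.6.1.5.5.7.3.4)'
    }
    $true
}

$root = Get-VerifiedRoot $RootPath $ExpectedThumb
$rcpt = [X509Certificate2]::new((Resolve-Path $RecipientPath).Path)
Test-EncryptionCert $rcpt $root | Out-Null
# Only after both checks pass, trust the root on this machine (needs elevation).
Import-Certificate -FilePath $RootPath -CertStoreLocation Cert:\LocalMachine\Root
```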


    • #3
      Re: How to send encrypted mail to external users

      hello
      we are a public CA named @#[email protected]#[email protected]#$

      Post edited by moderator due to commercial content

      Regards
      adi
      Last edited by danielp; 19th October 2005, 23:38.


      • #4
        Re: How to send encrypted mail to external users

        sounds like a commercial..
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"


        • #5
          Re: How to send encrypted mail to external users

          Sure does. Post edited.
          Cheers,

          Daniel Petri
          Microsoft Most Valuable Professional - Active Directory Directory Services
          MCSA/E, MCTS, MCITP, MCT


          • #6
            Re: How to send encrypted mail to external users

            hello
            Sorry. I didn't mean to put commercial stuff. Just helping the guy out.
            I will rewrite my answer.
            You can find free email certs at the web sites of the Certificate Authorities.
            Some of them are for one month and others for longer periods of time.
            You can sign and encrypt mail with them for free.
            Regards
            adi


            • #7
              Re: How to send encrypted mail to external users

              I'm glad you've edited your answer Adi. However, unless those public CAs are also trusted by ALL parties (like Verisign, Thawte and so on) then you're back in square one.
              Cheers,

              Daniel Petri
              Microsoft Most Valuable Professional - Active Directory Directory Services
              MCSA/E, MCTS, MCITP, MCT


              • #8
                Re: How to send encrypted mail to external users

                hello
                The public CAs are trusted and the root certificate is updated by Microsoft at the option "update root certificate" (at least ours is).
                Now about your answer: why did you make publication for Verisign and Thawte, and the company I work for, which is a public CA same as them, you didn't allow?
                Regards
                adi


                • #9
                  Re: How to send encrypted mail to external users

                  Hmmm... good point. Let me try to explain. When you wrote your answer it seemed like 100% commercial for your own company, or for the company you work for. I don't have any rules against posting names of commercial companies, URLs or even recommendations. Had you written something like "BTW, I happen to know that a company called XYZ (found at www.xyz.com) does this or that, and they're pretty good at it", I would have accepted the answer. But as I said, at the time, your answer seemed like it was a self promotion (which it was), made by a new user (you) who had only one post (at the time).

                  If you want, you can post the info again, now that we've cleared up this issue.

                  Cheers,

                  Daniel Petri
                  Microsoft Most Valuable Professional - Active Directory Directory Services
                  MCSA/E, MCTS, MCITP, MCT


                  • #10
                    Re: How to send encrypted mail to external users

                    Thanks for all the responses! So, for the few employees who need to send external messages, can they have 2 certs? One for the internal network and one for encrypting external mail? Would it be easy for them to switch which one they're using?


                    • #11
                      Re: How to send encrypted mail to external users

                      You could, and the user could switch certs from the Security options tab in Outlook. However, I don't see much logic here, and I guess you could standardize your setup with one cert per person, either internal or external.
                      Cheers,

                      Daniel Petri
                      Microsoft Most Valuable Professional - Active Directory Directory Services
                      MCSA/E, MCTS, MCITP, MCT
