Monday, April 02, 2007

Using a Public Key Infrastructure to secure Microsoft Exchange Server 2003

Public Key Infrastructures (PKI from here on out!) use two mathematically related keys, a Public Key, and a Private Key. The public key is as it's name describes public and thus shared with others so they can Verify your Private key (Message Signing) and Encrypt messages to you. You keep the Private Key private and can then decrypt the messages sent to you with your key and sign outgoing messages to prove they came from you & where not tampered with in transit.

For all of this to work you need a client that supports S/MIME such as Outlook, Outlook Web Access, and most 3rd Party POP3 & IMAP4 clients. Also you need to both trust the same Certificate Authority (CA).

PKI's are best used with-in the same Active Directory Domain/Forest with a Windows 2003 Certificate Authority as the CA for the domain. Also Auto Enrollment must be enabled or all certificates would need to be manually approved by a CA administrator.

No comments: