Could not send out secure email using e-cert

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

I just setup a test MS CA enterprise server and can request an e-cert from web. I downloaded my personal e-cert to my computer and configured MS Outlook secure e-mail from Option. I can include my downloaded e-cert to the "Certificates and Algorithms". However, when I send out secure email message using my e-cert, error message pop-up that my email address could not send out secure email. I understand when I requested my e-cert from CA server, the system didn't ask me my email address so that I couldn't use my e-cert for sending email.

My question is how can I include my email address in the e-cert when I request from CA server. I repeated going through the process, I still couldn't find out where I can include my email address in the e-cert

Thanks!

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Peter,

since you have Enterprise CA, information for the certificates are generated
from active directory. If your users have e-mail property set in AD it will
be added to certificate.

Also note what is the purpose of the certificate (e.g. Protects e-mail
messages)

I hope this helps,

Mike

"Peter Li" <Peter Li@discussions.microsoft.com> wrote in message
news:C9CE3D21-E7B7-4ED5-86CF-83EBF634B376@microsoft.com...
> I just setup a test MS CA enterprise server and can request an e-cert from
web. I downloaded my personal e-cert to my computer and configured MS
Outlook secure e-mail from Option. I can include my downloaded e-cert to
the "Certificates and Algorithms". However, when I send out secure email
message using my e-cert, error message pop-up that my email address could
not send out secure email. I understand when I requested my e-cert from CA
server, the system didn't ask me my email address so that I couldn't use my
e-cert for sending email.
>
> My question is how can I include my email address in the e-cert when I
request from CA server. I repeated going through the process, I still
couldn't find out where I can include my email address in the e-cert
>
> Thanks!

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Mike,

I'm try to setup an e-cert environment for email encryption for our company users to replace PGP. We're required to support not only our domain users but also support different domain users overseas. I want to use CA enterprise to gerenate e-cert/keys for users to communicate with encryption email. I'm not sure whether I should use CA standalone instead of enterprise server in this case.

In addition, do you mean that when we're using MS Exchange 2003 under AD environment, our users do not have to import key to their Outlook for email encryption (as PGP do)?

"Miha Pihler" wrote:

> Hi Peter,
>
> since you have Enterprise CA, information for the certificates are generated
> from active directory. If your users have e-mail property set in AD it will
> be added to certificate.
>
> Also note what is the purpose of the certificate (e.g. Protects e-mail
> messages)
>
> I hope this helps,
>
> Mike
>
> "Peter Li" <Peter Li@discussions.microsoft.com> wrote in message
> news:C9CE3D21-E7B7-4ED5-86CF-83EBF634B376@microsoft.com...
> > I just setup a test MS CA enterprise server and can request an e-cert from
> web. I downloaded my personal e-cert to my computer and configured MS
> Outlook secure e-mail from Option. I can include my downloaded e-cert to
> the "Certificates and Algorithms". However, when I send out secure email
> message using my e-cert, error message pop-up that my email address could
> not send out secure email. I understand when I requested my e-cert from CA
> server, the system didn't ask me my email address so that I couldn't use my
> e-cert for sending email.
> >
> > My question is how can I include my email address in the e-cert when I
> request from CA server. I repeated going through the process, I still
> couldn't find out where I can include my email address in the e-cert
> >
> > Thanks!
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Peter,

You could setup standalone CA server. There you will have an option to
manually enter users details (e.g. first and last name, e-mail address, ...
etc). Just have a good CA design or you will end up installing new CA in a
year or so... .

In you Exchange 2003 environment users don't have to import _public_ keys
for other users that are in AD. If user is trying to send an e-mail to
someone in same organization then Outlook will perform the LDAP search in AD
and try to find published _public_ key of recipient.

I hope this helps,

Mike

"Peter Li" <PeterLi@discussions.microsoft.com> wrote in message
news:168130A2-CE95-41AF-A742-78D1B82C462A@microsoft.com...
> Hi Mike,
>
> I'm try to setup an e-cert environment for email encryption for our
company users to replace PGP. We're required to support not only our domain
users but also support different domain users overseas. I want to use CA
enterprise to gerenate e-cert/keys for users to communicate with encryption
email. I'm not sure whether I should use CA standalone instead of
enterprise server in this case.
>
> In addition, do you mean that when we're using MS Exchange 2003 under AD
environment, our users do not have to import key to their Outlook for email
encryption (as PGP do)?
>
> "Miha Pihler" wrote:
>
> > Hi Peter,
> >
> > since you have Enterprise CA, information for the certificates are
generated
> > from active directory. If your users have e-mail property set in AD it
will
> > be added to certificate.
> >
> > Also note what is the purpose of the certificate (e.g. Protects e-mail
> > messages)
> >
> > I hope this helps,
> >
> > Mike
> >
> > "Peter Li" <Peter Li@discussions.microsoft.com> wrote in message
> > news:C9CE3D21-E7B7-4ED5-86CF-83EBF634B376@microsoft.com...
> > > I just setup a test MS CA enterprise server and can request an e-cert
from
> > web. I downloaded my personal e-cert to my computer and configured MS
> > Outlook secure e-mail from Option. I can include my downloaded e-cert
to
> > the "Certificates and Algorithms". However, when I send out secure
email
> > message using my e-cert, error message pop-up that my email address
could
> > not send out secure email. I understand when I requested my e-cert from
CA
> > server, the system didn't ask me my email address so that I couldn't use
my
> > e-cert for sending email.
> > >
> > > My question is how can I include my email address in the e-cert when I
> > request from CA server. I repeated going through the process, I still
> > couldn't find out where I can include my email address in the e-cert
> > >
> > > Thanks!
> >
> >
> >