XCLN: How to Send Encrypted Mail to a User in Another Organization (197974)

SUMMARY

Key Management server (in Exchange Server version 5.5 Service Pack 1 and later) and the Key Management Service (in Exchange 2000 Server) support X509.V3. Outlook 98 users that are enrolled in Advanced Security can use their X509.V3 certificate to send encrypted mail to users in a different organization that also uses X509.V3 certificates.

MORE INFORMATION

To send encrypted mail between users in different organizations, Outlook 98 must detect the recipient's enrollment in Advanced Security. If Outlook 98 does not detect the recipient's enrollment in Advanced Security, you receive the following message:

"None of the recipients can process an encrypted message. You can either
proceed with an unencrypted message or cancel the operation"

However, users can send digitally signed messages to any user, whether or not the user is enrolled in Advanced Security. The digitally signed message indicates to the recipient that the sender is enrolled in advanced security and therefore can decrypt messages.

The following scenario describes how to configure users in different organizations to send encrypted e-mail messages by using Outlook 98.

For UserA to send an encrypted message to UserB using Outlook 98, perform the following steps:

Enroll both UserA and UserB in X509.V3 security.
UserB sends a digitally signed message to UserA.
UserA opens the message, right-clicks on UserB's address, and clicks Add to Contacts.
A contact is created for UserB containing the certificate information.

NOTE: If a contact already exists, UserA is prompted to update the contact.
UserA can now send encrypted mail to UserB by selecting UserB from the Contacts list.

NOTE: Outlook 98 takes some time to process the digitally signed Contact information. After you add a contact with a digital signature, it is recommended that you log off and restart Outlook 98, or wait a few minutes before you attempt to send encrypted mail to a newly added or updated Contact.