Exchange 2000 with CA or KMS

[Miha]

Hi



In our organization we want to implement digital certificates for signing
and crypting e-mail.

We have Win2000 SBS (Win2000 with AD domain, Exchange 2000 server).

As I know I can digitally sign every e-mail message with my private key, and
also crypt it if I have sender's public key. So the request is:



- if we could have some kind of 'central storage' of recipient's public keys
(I assume that after a mail is accepted that also contains senders public
key, this key is automatically stored in this 'central storage' in Active
Directory or something), so all people in our organization could use this
key to send encrypted e-mail to this sender.

So each of our Exchange users don't have to have sender's public key,
because this key will be available through AD or 'central storage' to all
users.



Looking for some clues how to done this, I found that Exchange 2000 has KMS
service that could achieve this functionality, but since we don't have much
experience on this side, I'm we be very grateful if someone could explain me
a bit more about this or maybe point me to the right direction.



Thank you all in advance

Best regards

Miha

 

[Tomasz Onyszko]

Miha wrote:
(...)

Looking for some clues how to done this, I found that Exchange 2000 has KMS
service that could achieve this functionality, but since we don't have much
experience on this side, I'm we be very grateful if someone could explain me
a bit more about this or maybe point me to the right direction.

Public certificate for a user is published using AD and GAL - KMS gives
You option for key management and recovery.


This article should clarify for You usage of CA and KMS:
http://www.microsoft.com/technet/pr...ademigrate/series/planningguide/p_09_tt1.mspx