How To Configure Exchange Server 2003 OWA to Use S/MIME

This article discusses how to configure the Exchange Server 2003 version of Microsoft Outlook Web Access (OWA) to permit users to digitally sign and encrypt e-mail messages by using the new OWA Secure/Multipurpose Internet Mail Extension (S/MIME) control. The S/MIME control works in conjunction with public key infrastructure (PKI) technology to provide signing and encryption functionality.

Note This article assumes a solid understanding of cryptography and PKI technology. For more information about cryptography and Windows PKI, visit the following Microsoft Web site:

How to Install Windows Server 2003 Certification Authority

The standard User certificate template that is included with Windows Server 2003 Certificate Services supports message signing and message encryption for the OWA S/MIME control. If you want to require separate certificates for signing and encryption, you must create two new templates: one template for signing and one template for encryption.

Note After the certification authority (CA) component is installed, certificates are issued automatically upon request unless the certificate template is modified to require an administrator to grant the certificate. Therefore, user certificates are issued without an administrator's approval.

How to Request a Certificate

To request a user certificate, follow these steps:

1. On the client computer, start Microsoft Internet Explorer.
2. On the Address bar, type the following text (where CertificateServer is the name of the server that is running Certificate Services), and then click Go:
   http://CertificateServer/certsrv
3. If you are prompted to, type your authentication credentials, click Request a certificate, and then click Next.
4. On the Choose Request Type page, click User Certificate, and then click Next.
5. On the User Certificate – Identifying Information page, click Submit.
6. On the Certificate Issued page, click Install this certificate.

How to Install the OWA S/MIME Control

To install the OWA S/MIME control on the client computer, follow these steps:

1. On a Windows 2000-or-later-based client computer that is running Internet Explorer 6.0 or later, log on to OWA.
2. In the OWA Navigation pane, click Options.
3. Under E-mail Security, click Download.
   
   Note If you receive a Security Warning dialog box, click Yes.
4. Under E-mail Security, click to select the Encrypt contents and attachments for outgoing messages check box if you want encryption enabled by default when you compose a message.
5. Under E-mail Security, click to select the check box for the recipient of the signed message. The message should be digitally signed by the sender.

How to Test Encryption and Signing

To send an encrypted message, follow these steps:

1. In OWA, click New.
2. Compose a message.
   
   Note The sender must have the recipient’s public key to encrypt the message contents. Therefore the recipient must have already enrolled with Certificate Services.
3. On the toolbar, click Add digital signature to this message.
4. Click Send.
5. Verify that the message is encrypted and viewable only by the recipient on a computer that has the recipient’s encryption certificate installed.