This article discusses how to configure the Exchange Server
2003 version of Microsoft Outlook Web Access (OWA) to permit users to digitally
sign and encrypt e-mail messages by using the new OWA Secure/Multipurpose
Internet Mail Extension (S/MIME) control. The S/MIME control works in
conjunction with public key infrastructure (PKI) technology to provide signing
and encryption functionality.
Note This article assumes a solid understanding of cryptography and
PKI technology. For more information about cryptography and Windows PKI, visit
the following Microsoft Web site:
How to Install Windows Server 2003 Certification Authority
The standard User certificate template that is included with
Windows Server 2003 Certificate Services supports message signing and message
encryption for the OWA S/MIME control. If you want to require separate
certificates for signing and encryption, you must create two new templates: one
template for signing and one template for encryption.
Note After the certification authority (CA) component is installed,
certificates are issued automatically upon request unless the certificate
template is modified to require an administrator to grant the certificate.
Therefore, user certificates are issued without an administrator's approval.
How to Request a Certificate
To request a user certificate, follow these steps:
- On the client computer, start Microsoft Internet Explorer.
- On the Address bar, type the following text (where
CertificateServer is the name of the server that is
running Certificate Services), and then click Go:
- If you are prompted to, type your authentication
credentials, click Request a certificate, and then click
- On the Choose Request Type page, click
User Certificate, and then click Next.
- On the User Certificate – Identifying
Information page, click Submit.
- On the Certificate Issued page, click
Install this certificate.
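Once the certificate is installed, a check such as the following confirms that it can be used for S/MIME signing and encryption, which matters most when separate signing and encryption templates are in use. This is an added example, not part of the original article; it assumes Windows PowerShell 3.0 or later on the client and a certificate in the current user's Personal store, and the function name Get-SmimeCertificateReport is hypothetical.

```powershell
# Added example (not from the original article): report which certificates in
# the current user's Personal store are usable for S/MIME signing/encryption.
# Get-SmimeCertificateReport is a hypothetical helper name.
function Get-SmimeCertificateReport {
    param([string]$StorePath = 'Cert:\CurrentUser\My')

    $secureEmailOid = '1.3.6.1.5.5.7.3.4'   # Secure Email (emailProtection) EKU
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        $ku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }

        # An absent EKU extension places no restriction on purpose.
        $emailOk = (-not $eku) -or
            [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $secureEmailOid })

        # An absent key usage extension places no restriction on key usage.
        $signOk = (-not $ku) -or (($ku.KeyUsages -band $flags::DigitalSignature) -ne 0)
        $encOk  = (-not $ku) -or (($ku.KeyUsages -band $flags::KeyEncipherment) -ne 0)

        # The private key is needed both to sign and to read encrypted mail.
        [pscustomobject]@{
            Subject        = $cert.Subject
            Thumbprint     = $cert.Thumbprint
            Expired        = $cert.NotAfter -lt (Get-Date)
            HasPrivateKey  = $cert.HasPrivateKey
            SigningCert    = $emailOk -and $signOk -and $cert.HasPrivateKey
            EncryptionCert = $emailOk -and $encOk -and $cert.HasPrivateKey
        }
    }
}

Get-SmimeCertificateReport | Format-Table -AutoSize
```

A certificate issued from the standard User template should show both SigningCert and EncryptionCert as True; with separate templates, expect one certificate per purpose.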
How to Install the OWA S/MIME Control
To install the OWA S/MIME control on the client computer, follow
- On a Windows 2000-or-later-based client computer that is
running Internet Explorer 6.0 or later, log on to OWA.
- In the OWA Navigation pane, click
- Under E-mail Security, click
Note If you receive a Security Warning dialog box,
- Under E-mail Security, click to select
the Encrypt contents and attachments for outgoing messages
check box if you want encryption enabled by default when you compose a message.
- Under E-mail Security, click to select the
check box for the recipient of the signed message. The message should be
digitally signed by the sender.
How to Test Encryption and Signing
To send an encrypted message, follow these steps:
- In OWA, click New.
- Compose a message.
Note The sender must have the recipient’s public key to encrypt the
message contents. Therefore the recipient must have already enrolled with
- On the toolbar, click Add digital signature to
- Click Send.
- Verify that the message is encrypted and viewable only by
the recipient on a computer that has the recipient’s encryption certificate