S/MIME support for Exchange Outlook Web Access (OWA) was introduced in Exchange 2003. In Exchange 2007 SP1, we are adding S/MIME support back and making it more reliable and powerful. Below is a short introduction to S/MIME and simple end-to-end steps for using S/MIME with OWA on Exchange Server 2007 SP1.
Introduction
The S/MIME feature in OWA is about secure messaging - enabling OWA to send and receive signed and encrypted email. Signed messages allow the recipient to verify that the message came from the person that the message claims to be from. Encrypted messages allow the sender to ensure that only the intended recipients can read messages that are sent to them. While it’s true that the message is unreadable to anyone who might intercept it while in transit, it is also true that even the Exchange administrator cannot read these messages.
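The difference between signing and encrypting described above is visible in the MIME structure of the message on the wire. The following is an added example, not code from the Exchange team: a small Python classifier run over two constructed sample messages (the addresses, body text and placeholder CMS blobs are made up) that reports whether the body is confidential in transit.

```python
from email import message_from_string

# Constructed samples, not captured traffic; the base64 blobs are placeholders.
CLEAR_SIGNED = """\
From: alice@example.com
Subject: Q3 numbers
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha1; boundary="b1"

--b1
Content-Type: text/plain

Revenue is up 4%.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--b1--
"""

ENCRYPTED = """\
From: alice@example.com
Subject: Q3 numbers
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
"""

def classify(raw):
    """Return (kind, confidential, visible_text) for a message given as a string."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        # Clear-signed: the original content travels as ordinary MIME parts,
        # followed by a detached signature part.
        text = [p.get_payload(decode=True).decode() for p in msg.walk()
                if p.get_content_maintype() == "text"]
        return "clear-signed", False, "".join(text).strip()
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # Only enveloped-data is encrypted; signed-data is encoded, not secret.
        # This sketch does not parse the CMS blob, so visible_text is None here.
        smime_type = msg.get_param("smime-type", "unknown")
        return smime_type, smime_type == "enveloped-data", None
    return "not S/MIME", False, None
```

Calling `classify(CLEAR_SIGNED)` returns the body text in the clear, while `classify(ENCRYPTED)` reports the message as confidential with no readable body.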
Install the S/MIME control
You need to install the S/MIME control to use S/MIME in OWA. Here’s how you do it:
1) Launch IE and log in to OWA.
2) In the main window, navigate to the Options page (top of the page on the right):
3) Click "E-Mail Security" and click "Download the Outlook Web Access 2007 S/MIME control".
4) Follow the installation steps. After installation is complete, the "E-Mail Security" page should look like this:
Get a certificate
You need to get an email certificate to send and receive signed/encrypted messages. Note: if you sign a message without encrypting it, the message will be viewable by someone who intercepts it in transit.
To get a certificate, you can either:
Several public services issue email certificates (e.g. Comodo, VeriSign).
The choice of certificate authority is up to the user. Note: Comodo currently provides a free email certificate without a trial period expiration.
Once you have requested an email certificate from a certificate authority (e.g. Comodo), you will receive an email informing you how to get, and install, the certificate on your local machine.
If enrolling the certificate is completed successfully, your certificate, with private key, will be installed on your computer (or in your smart card depending on the template you select).
Working with signed or encrypted messages in Exchange 2007 SP1 OWA
After installing the S/MIME control and getting an email certificate, you will be able to read, send, encrypt and sign messages in OWA.
Reading and verifying a signed message
Open a signed message. In the message window, you can verify the signature by reading the "Signed By" information. This link tells you whether the signature is valid and who signed the message.
On the "Signed by" line:
In a sample message:
Clicking the "more information" link will display a dialog with certificate information.
If the signature is valid, the dialog will show additional details about the signature, such as who sent the mail, who the signer is identified as, and which certificate authority issued the certificate.
If the signature is invalid, the dialog will show you why the signature is invalid.
Reading an encrypted message
Sending a signed message
Sending an encrypted message
- Chongwen Xie