Email Encryption protects email content from exposure to unintended recipients. Encrypting an email does not require a sender certificate, but it does require the certificate (public key) of every recipient. For example, from@adminsystem.com sends a digitally signed email to rcpt@adminsystem.com. The digital signature carries the public-key certificate of from@adminsystem.com, so rcpt@adminsystem.com can use that certificate to send an encrypted reply to from@adminsystem.com. Only from@adminsystem.com can read that reply, because it can only be decrypted with the private key of from@adminsystem.com. Therefore you must first receive a digitally signed email from a person (most email clients, such as Outlook and Outlook Express, add the certificate to the "Other People" store automatically when a signed email is received) before you can send encrypted email to that person. Note that a signed message only proves that the sender holds the private key matching the certificate it carries; check that the certificate chains to a CA you trust before encrypting to it. To encrypt email with EA S/MIME on your Exchange server, you need to export the recipient's certificate first.
Export Certificate
Go to "Control Panel"->"Internet Options"->"Content"->"Certificates"->"Personal" or "Other People", select the certificate and click "Export", then choose "No, do not export the private key"->"DER encoded binary X.509 (.CER)" and save the file to your server's local disk.
You can also export the certificate from a digitally signed email: open the email with Outlook Express, then click "File"->"Properties"->"Security"->"View Certificates"->"Signing Certificate"->"Details"->"Copy To File".
To export the certificate from the machine certificate store, you can:
Windows Start Menu -> type MMC and press Enter. In MMC: File menu -> Add/Remove Snap-in -> Add -> choose "Certificates" -> Computer account -> Local computer -> Finish -> Close. The certificate can then be found under "Certificates (Local Computer)" -> "Personal" or "Other People" -> "Certificates"; right-click it -> All Tasks -> Export...
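The same export can be scripted on the Exchange server instead of clicking through the wizard. The following is an added example, not part of the EA Smime Sink documentation or product; it assumes Windows PowerShell 5.1 with the PKI module (Export-Certificate), the recipient address rcpt@adminsystem.com and the output folder C:\SmimeCerts, all of which are placeholders. It locates the recipient's certificate in the "Other People" (AddressBook) or "Personal" (My) store, verifies the chain before trusting it, and writes a DER-encoded .cer with no private key.

```powershell
# Added example (not from the EA Smime Sink documentation): export a recipient's
# public certificate as a DER-encoded .cer, without the private key.
$recipient = 'rcpt@adminsystem.com'   # assumption: the address you will encrypt to
$outDir    = 'C:\SmimeCerts'          # assumption: local folder on the Exchange server
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# "Other People" in the Internet Options dialog is the AddressBook store, "Personal" is My.
# Search the current user's stores first, then the local machine's.
$stores = 'Cert:\CurrentUser\AddressBook', 'Cert:\CurrentUser\My',
          'Cert:\LocalMachine\AddressBook', 'Cert:\LocalMachine\My'
$pattern = [regex]::Escape($recipient)

$candidates = foreach ($store in $stores) {
    Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object {
            # The address must appear in the Subject or in the Subject Alternative Name (2.5.29.17).
            $san = ($_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
                    ForEach-Object { $_.Format($false) }) -join ' '
            ($_.Subject -match $pattern) -or ($san -match $pattern)
        } |
        Where-Object { $_.NotAfter -gt (Get-Date) } |
        Where-Object {
            # Accept only certificates whose Enhanced Key Usage allows Secure Email
            # (1.3.6.1.5.5.7.3.4), or that carry no EKU restriction at all.
            $eku = $_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
            (-not $eku) -or ($eku.EnhancedKeyUsages.Value -contains '1.3.6.1.5.5.7.3.4')
        }
}

$cert = @($candidates) | Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) {
    throw "No valid S/MIME certificate found for $recipient; ask them to send you a signed email first."
}

# Build the chain before trusting the certificate: a signed message only proves the
# sender holds the matching private key, not that a CA you trust vouches for the address.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if (-not $chain.Build($cert)) {
    $status = ($chain.ChainStatus | ForEach-Object { $_.StatusInformation.Trim() }) -join '; '
    throw "Certificate $($cert.Thumbprint) does not chain to a trusted CA: $status"
}

# -Type CERT writes DER-encoded binary X.509, the same format as the wizard's
# "No, do not export the private key" -> "DER encoded binary X.509 (.CER)" path.
$path = Join-Path $outDir ("{0}.cer" -f ($recipient -replace '[^\w.@-]', '_'))
Export-Certificate -Cert $cert -FilePath $path -Type CERT -Force | Out-Null
Write-Host "Exported $($cert.Subject) (thumbprint $($cert.Thumbprint)) to $path"
```

The resulting .cer is what the "New Encryption" dialog below expects. Because only the public certificate is written, the file can be copied to the Exchange server freely; it never needs the protection a .pfx would.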
Setup Email Encryption
First, click "Smime Sink Manager" from "Start menu -> All Programs -> EA Smime Sink -> Smime Sink Manager" to begin the setup. Then click "Email Encryption" -> "New Encryption", and the following dialog box will pop up.
Recipient Email Address
If an email address is specified here, every email to this address will be encrypted with the specified certificate automatically. Select the recipient's certificate (.cer) from your local disk and click "OK". The certificate must belong to the recipient address entered here; encrypting to someone else's certificate leaves the intended recipient unable to read the message.
Important Notice
Email will not be encrypted under the following situations:
1. The email is not MIME compatible. For example, an email sent from Outlook to an internal user in Rich Text (RTF) format is not MIME and will not be encrypted. To test email encryption, send the email to an outside domain.
2. The email has multiple recipients and you have not set up a certificate for every one of them. For example, if an email is sent to test1@adminsystem.com and test2@adminsystem.com and you have only set the certificate for test1@adminsystem.com, the email will not be encrypted, because test2@adminsystem.com could not decrypt the email to read it.
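The all-or-nothing rule in item 2 is worth seeing in code. The following is an added example, not part of the EA Smime Sink product: it uses the .NET CMS/PKCS#7 classes in Windows PowerShell 5.1 to build the same decision the sink makes, encrypting a message only when a usable certificate exists for every recipient. It assumes a folder C:\SmimeCerts containing one <address>.cer file per recipient (as exported above), the addresses test1@adminsystem.com and test2@adminsystem.com, and a constructed sample body; the function and variable names are placeholders.

```powershell
# Added example (not from EA Smime Sink): encrypt only when every recipient has a certificate.
Add-Type -AssemblyName System.Security   # EnvelopedCms lives here in Windows PowerShell 5.1

$certDir    = 'C:\SmimeCerts'            # assumption: folder of exported <address>.cer files
$recipients = 'test1@adminsystem.com', 'test2@adminsystem.com'
$body       = [Text.Encoding]::UTF8.GetBytes('Constructed sample message body.')  # constructed input

function Get-RecipientCertificate {
    param([string]$Address)
    $path = Join-Path $certDir ("{0}.cer" -f ($Address -replace '[^\w.@-]', '_'))
    if (-not (Test-Path $path)) { return $null }
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path
    # The file name is not proof; the certificate itself must name the recipient,
    # in the Subject or in the Subject Alternative Name (2.5.29.17).
    $pattern = [regex]::Escape($Address)
    $san = ($cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
            ForEach-Object { $_.Format($false) }) -join ' '
    if (($cert.Subject -notmatch $pattern) -and ($san -notmatch $pattern)) { return $null }
    if ($cert.NotAfter -le (Get-Date)) { return $null }   # expired: treat as missing
    return $cert
}

$missing       = @()
$cmsRecipients = New-Object System.Security.Cryptography.Pkcs.CmsRecipientCollection
foreach ($addr in $recipients) {
    $c = Get-RecipientCertificate -Address $addr
    if ($c) { [void]$cmsRecipients.Add((New-Object System.Security.Cryptography.Pkcs.CmsRecipient $c)) }
    else    { $missing += $addr }
}

if ($missing.Count -gt 0) {
    # Same outcome as item 2 above: do not encrypt to a subset of the recipients,
    # because anyone without a certificate could never decrypt the message.
    Write-Warning ("Not encrypting: no usable certificate for {0}" -f ($missing -join ', '))
    return
}

# Pick AES-256-CBC (2.16.840.1.101.3.4.1.42) explicitly; .NET Framework's EnvelopedCms
# otherwise defaults to 3DES.
$aes256  = New-Object System.Security.Cryptography.Pkcs.AlgorithmIdentifier `
               (New-Object System.Security.Cryptography.Oid '2.16.840.1.101.3.4.1.42')
$content = New-Object System.Security.Cryptography.Pkcs.ContentInfo (,$body)
$cms     = New-Object System.Security.Cryptography.Pkcs.EnvelopedCms ($content, $aes256)
$cms.Encrypt($cmsRecipients)
$der = $cms.Encode()   # DER PKCS#7 EnvelopedData, the payload of an application/pkcs7-mime part

Write-Host ("Encrypted {0}-byte body for {1} recipient(s) into {2} bytes of PKCS#7 EnvelopedData" -f
            $body.Length, $cmsRecipients.Count, $der.Length)
```

Remove one of the two .cer files and run it again to reproduce item 2: the script refuses to encrypt rather than produce a message that only one recipient could open. Item 1 (non-MIME, RTF-formatted mail) is outside what this snippet can show, since the CMS layer only sees the bytes it is handed; the format check has to happen before this point.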
See Also
Email Disclaimer
Digital Signature
Appendix - Set up DomainKeys/DKIM
Appendix - Set up SPF record in DNS server