http://www.microsoft.com/office/ork
Occasionally, you must renew, import, or export a set of security keys and digital certificates. For example, you might need to change computers and take your Digital ID (the combination of your certificate and private encryption key) with you, or you might need to get someone’s public security key in order to send them encrypted e-mail messages. Outlook provides ways to manage your security keys and certificates so that you can keep your e-mail messages secure.
Your Digital ID includes your digital certificate and public and private key set. Components for your Digital ID are stored in the Windows registry on your computer. The key set is encrypted using a password that you supply. If you use more than one computer, you must copy your Digital ID to each computer that you use.
Tip: Make a copy of your Digital ID for safekeeping. You can protect the file that contains the copy by encrypting it and by using a password.
Certificates can be stored in three locations:
Users who enroll in Exchange Advanced Security have their certificates stored in the Global Address Book. In Internet Only mode, users can open the Global Address Book by using the LDAP provider. In Corporate/Workgroup mode, however, users must use the Exchange MAPI provider to gain access to certificates in the Global Address Book.
The Exchange MAPI provider does not support certificate access to any LDAP provider. Only certificates generated by Microsoft Exchange Server Advanced Security or by Microsoft Exchange Key Management Server are published in the Global Address Book. Externally generated certificates are not published to the Global Address Book.
External directory services, certificate authorities, or other certificate servers may publish their users’ certificates through an LDAP directory service. Internet Only mode in Outlook 2000 allows access to these certificates through LDAP directories.
If a user imports another user’s certificate into Outlook 2000 (for example, by adding a contact or importing a file), the certificate is stored in the registry. It cannot be shared or published to a directory service directly.
In order to exchange secure e-mail messages with another user, you must have that user’s public key. You gain access to the public key through the user’s certificate. There are three ways to obtain another user’s certificate:
When you receive a signed message from someone whose certificate you want to save, you can right-click the sender’s name on the To line and then click Add to Contacts. The address information is saved in your Contacts, and the sender’s certificate is saved in the registry.
Note: If you export a contacts list, the corresponding certificates are not included. You must add the certificates from a received e-mail message on each computer that you use.
When you use Internet Only mode with a standard LDAP server, you can automatically retrieve another user’s certificate from an LDAP directory when you send an encrypted e-mail message. You must be enrolled in S/MIME security and you must have a Digital ID for your e-mail account.
When you use Corporate/Workgroup mode with Microsoft Exchange Server, you can obtain certificates from the Global Address Book. You must be enrolled in Exchange Advanced Security.
You can request that another user export a certificate to a file. To import a certificate for another user, click the Import/Export Digital ID button on the Security tab in the Options dialog box (Tools menu). You can also use the Import button on the Certificates tab in a contact item in your Contacts folder.
A time limit is associated with each certificate and private key. When the keys given by the Microsoft Exchange Key Management Server approach the end of the designated time period, Outlook displays a warning message and offers to renew the keys. Outlook sends the renewal message to the server on your behalf.
Friday, March 5, 1999 © 1999 Microsoft Corporation. All rights reserved.