So we're setting up encrypted e-mail for our client running SBS with Exchange 2010 and Outlook 2010 on about a dozen machines (one running Outlook 2003; we're trying to talk them into upgrading it). It's new territory for me and my associate is only familiar with third-party encryption solutions.

My research suggests that Outlook natively supports encryption; all we have to do is get a certificate and load it into Outlook and we're ready to go.

3 questions:

  • Is my conclusion correct or is more configuration required?
  • Can a single certificate be used for all workstations and be pushed out via GPO?
  • For remote users not on the domain, is there an easy way to script/automate the certificate import process for Outlook? Something to make it super easy for a non-technical end user.

One of many sources I've found about encryption in Outlook, all directed towards single user cases: http://voices.yahoo.com/how-configure-outlook-2010-send-signed-or-11403564.html?cat=15

:edit: Copied from my comment below for clarity.
Well, I suppose part of it being new territory for me is my lack of appropriate vocabulary :)
At this point, I don't know which security scenario is best. Our client, a title company, was asked by one of the other companies they work with to implement secure e-mail. Yes, it was left that vague. As I was doing my research, I found that encrypting e-mail messages from the Outlook client was the most common result of my searches, so I focused on that and that is what I'm asking about.
However, if there's a better solution that I can implement in Exchange, I'm all ears!

Thomas
  • Are you talking about encryption of traffic between the Exchange 2010 server and the Outlook 2010 client, or are you talking about the clients sending and receiving encrypted messages with their contacts? Or are you talking about encrypting the mail stored on clients and/or server? All of these are encryption scenarios related to email which would require a different approach. – dunxd Feb 14 '13 at 15:37
  • Well, I suppose part of it being new territory for me is my lack of appropriate vocabulary :) At this point, I don't know which security scenario is best. Our client, a title company, was asked by one of the other companies they work with to implement secure e-mail. Yes, it was left that vague. As I was doing my research, I found that encrypting e-mail messages from the Outlook client was the most common result of my searches, so I focused on that and that is what I'm asking about. However, if there's a better solution that I can implement in Exchange, I'm all ears! – Thomas Feb 14 '13 at 20:34

1 Answer

"Encrypted email" is a very general term. Outlook supports X.509 (S/MIME); for OpenPGP you need plugins.

It usually does not make sense to use the same certificate for several users. It doesn't look very professional to the outside world either. If that is your aim then it may be easier not to use any crypto on the clients but use a crypto mail gateway instead. That way it should even be easily possible to support S/MIME and OpenPGP simultaneously (without having to care about Outlook's limited capabilities).

A key distribution infrastructure exists for OpenPGP but not for S/MIME.

Hauke Laging
  • We did eventually get a Symantec Encryption Management Server and built it in VMware. It works beautifully, though Symantec's setup instructions and customer service leave a lot to be desired. – Thomas Aug 13 '13 at 17:50