Configuring Security

Install Exchange Certificate Templates

Once you have installed Windows 2000 Certificate Services, you need to add three Exchange certificate templates to at least one Certificate Services server before you can install KMS. Unless all three of these templates are added, you will receive an error message when you attempt to install KMS.

Exchange uses three templates for issuing certificates to Exchange users and computers. The type of template depends on what the certificate will be used for. Enrollment Agent (computer) allows the Key Management server to be issued certificates on behalf of Exchange Advanced Security users. Exchange User is used to encrypt mail and digital signatures. Exchange Signature Only is used for digital signatures only.

To install the Exchange certificates in Certificate Services:

  1. Start Windows 2000 Certificate Services: On the Start menu, point to Programs, point to Administrative Tools, and then click Certification Authority.

    Note   If Certification Authority does not appear in your Administrative Tools menu, it means Certificate Services has not been installed. For information on installing Certificate Services, see your Windows 2000 documentation.

  2. In the console tree, double-click the name of your CA. The CA name is determined during installation.
  3. Right-click Policy Settings, point to New, and then click Certificate to Issue.
  4. In Select Certificate Template, hold down the CTRL key to make multiple selections, and then click Enrollment Agent (Computer), Exchange User, and Exchange Signature Only, and then click OK.