Configuring Security

Save the KMS Certificate

Before moving KMS users from one Key Management server to another, you must save the certificate of the destination Key Management server. KMS will use this certificate to encrypt all Advanced Security information, protecting it from detection during transmission. Also, using the destination server's certificate ensures that only the intended Key Management server will be able to read it.

To save the KMS certificate on the destination server:

  1. Start System Manager
    On the Start menu, point to Programs, point to Microsoft Exchange, and then click System Manager.
  2. In the console tree, click Advanced Security.
  3. In the details pane, right-click Key Manager, point to All Tasks, and then click Save KMS Certificate.
  4. In the Key Management Service Login dialog box, type your password, and then click OK. The default password is password.

    Note   You will have to re-type your password each time you try to perform a task or click a tab in the Key Manager Properties dialog box.

  5. To select a destination for the certificate, in Save KMS Certificate, type in a path, or click Browse. The certificate will be saved with a .crt extension. The location you choose must be accessible by the exporting Key Management server.