Configuring Security

Configure Certificate Version

Users running Outlook 98 or later versions support S/MIME. Certificate Services only issues X.509v3 (version 3) certificates, which utilize S/MIME. KMS users with Outlook 97 or older clients, however, do not support S/MIME and therefore cannot use the v3 certificates. These clients only support the Exchange 4.0/5.0 proprietary secure message format, which uses X.509v1 (version 1) certificates.

Note   Outlook 98 and Outlook 2000 support both types of certificates.

In order to support these earlier clients, KMS will issue X.509v1 certificates and maintain its own certificate trust list. By default, all KMS users are given X.509v3 certificates issued by Certificate Services.

To make KMS issue v1 certificates to non-S/MIME clients:

  1. Start System Manager
    On the Start menu, point to Programs, point to Microsoft Exchange, and then click System Manager.
  2. In the console tree, click Advanced Security.
  3. In the details pane, right-click Key Manager, and then click Properties.
  4. In the Key Management Service Login dialog box, type your password, and then click OK. The default password is password.

    Note   You will have to re-type your password each time you try to perform a task or click a tab in the Key Manager Properties dialog box.

  5. In Key Management Properties, click the Enrollment tab, and then, under Certificate version, select the check box.

Note   With both version 1 and version 3 certificates, Outlook 98 or later versions in your organization will create two dual key pairs instead of one. One is the standard S/MIME key pairs for signing and encrypting, and the other will consist of X.509v1-based key pairs, for compatibility with earlier clients.

Related Topics

Key Pairs