Users running Outlook 98 or later versions support S/MIME. Certificate Services only issues
X.509v3 (version 3) certificates, which
utilize S/MIME. KMS users with Outlook 97 or older clients,
however, do not support S/MIME and therefore cannot use the v3
certificates. These clients only support the Exchange 4.0/5.0
proprietary secure message format, which uses X.509v1 (version 1)
Note Outlook 98 and Outlook
2000 support both types of certificates.
In order to support these earlier clients, KMS will issue
X.509v1 certificates and maintain its own certificate
trust list. By default, all KMS users are given X.509v3
certificates issued by Certificate Services.
To make KMS issue v1 certificates to non-S/MIME clients:
On the Start menu, point to
Programs, point to Microsoft Exchange, and then click
In the console tree, click Advanced Security.
In the details pane, right-click Key Manager, and then
In the Key Management Service Login dialog box, type
your password, and then click OK. The default password is
Note You will have to re-type
your password each time you try to perform a task or click a tab in
the Key Manager Properties dialog box.
In Key Management Properties, click the
Enrollment tab, and then, under Certificate version,
select the check box.
Note With both version 1 and
version 3 certificates, Outlook 98 or later versions in your
organization will create two dual key
pairs instead of one. One is the standard S/MIME key pairs for
signing and encrypting, and the other will consist of X.509v1-based
key pairs, for compatibility with earlier clients.