Configuring Security


Microsoft Exchange 2000 Server Advanced Security uses certificates issued by Microsoft Windows 2000 Certificate Services to encrypt messages and create digital signatures. Exchange administrators can combine Certificate Services with Exchange Advanced Security to create a public key infrastructure (PKI) for their organizations.

In an Exchange PKI, Certificate Services acts as the certification authority (CA). Certificate Services will respond to certificate requests while maintaining and publishing certificate trust lists (CTLs) and certificate revocation lists (CRLs).

An Exchange administrator can use Encryption Configuration to determine which encryption algorithms and security message format will be used with the Certificate Services certificates. To enroll users in Advanced Security, and to securely store and maintain the keys created with Certificate Services certificates, use Key Management Service (KMS). KMS can also be used to recover lost keys, revoke keys whose integrity has been breeched, and to import and export Advanced Security users from other parts of an organization.

Important   Administrators should be aware that encrypted e-mail is unaffected by most virus detection programs. If you have encrypted messages circulating in your organization, your system may be vulnerable to viruses.

To learn more about Exchange Advanced Security and its features: