Setting up S/MIME on Exchange 2013

    Question

  • Hello,

    I've been tasked to set up S/MIME on the Exchange server and pretty much followed these steps: http://dizdarevic.ba/ddamirblog/?p=78

    My main concern is the certificate. I guess I would need to get a new cert for the receiving end to install on their server. Would I need to install that same cert on the Exchange server? How would this affect the current CA cert on the Exchange server? Could I use the existing CA cert that I have? And if so, will it also send our private key to them?

    Sorry, Cert is not my strong suit.

    Monday, April 15, 2019 1:19 PM

All replies

  • Your link throws an "Internal Server Error".  You should always post what you did, not what resource you attempted to follow so we know what you really did.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Monday, April 15, 2019 6:10 PM
    Moderator
  • Hi Chris,

     

    You can set up S/MIME to work with any of the following endpoints:

    • Outlook 2010 or later
    • Outlook on the web (formerly known as Outlook Web App)
    • Exchange ActiveSync (EAS)

     

    The brief steps about setting up S/MIME are:

     

    1. Install a Windows-based CA and set up a public key infrastructure to issue S/MIME certificates.
    2. Publish the user certificate in an on-premises Active Directory Domain Services (AD DS) account in the UserSMIMECertificate and/or UserCertificate attributes.
    3. Set up a virtual certificate collection in order to validate S/MIME.
    4. Set up the Outlook or EAS endpoint to use S/MIME.

     

    If you have an existing certificate from a Windows-based/third-party CA, you can skip step 1. The users in your organization need to have certificates issued for digital signing and encryption purposes. You can either install a Certificate Authority on-premises to issue certificates to the end users or have third-party certificates issued to them. There are two attributes in a user object where certificate information is stored: 1) UserCertificate and 2) UserSMimeCertificate. For more details, please refer to the article below:

     

    S/MIME for message signing and encryption

    Regards,

    Kelvin Deng


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.



    Tuesday, April 16, 2019 7:48 AM
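
Step 2 of the outline above (publishing user certificates in AD DS) can be checked from PowerShell. This is an added example, not part of the original thread or of Microsoft's documentation; it assumes the ActiveDirectory (RSAT) module is installed, and the function name and the account name `jdoe` are hypothetical.

```powershell
# Added example: audit the certificates published on one AD user object.
# Assumes the ActiveDirectory (RSAT) module; function and account names are hypothetical.
Import-Module ActiveDirectory

function Get-PublishedSmimeCertificate {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $secureEmailOid = '1.3.6.1.5.5.7.3.4'   # Secure Email (emailProtection) EKU
    $user = Get-ADUser -Identity $SamAccountName -Properties userCertificate, userSMIMECertificate

    foreach ($attr in 'userCertificate', 'userSMIMECertificate') {
        foreach ($blob in $user.$attr) {
            # Import() accepts a DER certificate or a PKCS #7 bundle of certificates.
            $certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
            try { $certs.Import([byte[]]$blob) }
            catch { Write-Warning "${attr}: value could not be parsed"; continue }

            foreach ($cert in $certs) {
                # Extension OIDs: 2.5.29.37 = Enhanced Key Usage, 2.5.29.15 = Key Usage
                $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
                $ku  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.15' }

                [pscustomobject]@{
                    Attribute     = $attr
                    Subject       = $cert.Subject
                    Issuer        = $cert.Issuer
                    NotAfter      = $cert.NotAfter
                    Expired       = $cert.NotAfter -lt (Get-Date)
                    # False when the EKU extension is absent or lacks Secure Email
                    SecureEmail   = [bool]($eku.EnhancedKeyUsages |
                                        Where-Object { $_.Value -eq $secureEmailOid })
                    # DigitalSignature is needed for signing, KeyEncipherment for encryption
                    KeyUsages     = if ($ku) { $ku.KeyUsages } else { 'none' }
                    # Expect False: the directory holds only the public certificate
                    HasPrivateKey = $cert.HasPrivateKey
                }
            }
        }
    }
}

# Hypothetical account name
Get-PublishedSmimeCertificate -SamAccountName 'jdoe' | Format-Table -AutoSize
```

An empty result means neither attribute is populated for that user, so senders cannot look up a certificate to encrypt to that mailbox.
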
  • Hi Chris,
     
    I am writing here to confirm with you how things are going now.
     
    If the above suggestion helps, please feel free to mark it as an answer to help more people.
     
    Regards,
    Kelvin Deng



    Friday, April 19, 2019 10:25 AM
  • Sorry. I don't know why I'm still not getting notification of replies.

    I imported their certificate onto my Exchange 2013 server.

    Anyways, I set up a send connector. Connector status enabled and proxy through client access server. I added the address space that they have specified. I also set the DomainSecureEnabled to true.

    I also set up a receive connector, enabled TLS and Mutual Auth TLS. I added their public Exchange server IP addresses.

    I did a Set-TransportConfig -TLSReceiveDomainSecureList theirdomain.com and I did a Set-TransportConfig -TLSSendDomainSecureList mydomain.com

    It looks like the connectors work. I can send an email but they can't receive and vice-versa. I don't know if the receive connector is not set up correctly.

    Tuesday, April 23, 2019 2:44 PM
  • 

    Hi Chris,

    I didn't find an official article with detailed step-by-step instructions for Exchange 2013. Here's a blog about deploying in Exchange Online. The article does not mention that additional connectors need to be deployed. You might get help from it:

    How to Configure S/MIME in Office 365

    https://blogs.technet.microsoft.com/exchange/2014/12/15/how-to-configure-smime-in-office-365/

    Regards,

    Kelvin Deng



    Thursday, April 25, 2019 8:12 AM
  • Hi Chris,

    I am writing here to confirm with you how things are going now.

    If the above suggestion helps, please feel free to mark it as an answer to help more people.
     
    Regards,
    Kelvin Deng


    Tuesday, April 30, 2019 9:44 AM