none
How to get S/MIME certificate from Windows CA (Standalon or Enterprise) RRS feed

  • Question

  • Hi

    I need s/mime certificate for email sign/encryption in my organization, mu question is

    1- how to get S/MIME certificate from our Microsoft CA?

    2- how to we create CSR file for this scenario?

    Thanks



    Sunday, August 4, 2019 7:44 AM

All replies

  • Hello,
    Thank you for posting in our TechNet forum.

    >>1- how to get S/MIME certificate from our Microsoft CA?


    We can see all the certificates CA issued on CA as below: Logon CA server->open Certification Authority->Issued Certificates containers




    If we want to export or save one certificate, we can right click this certificate and select Open->Details tab->Copy to File...






    >>2- how to we create CSR file for this scenario?

    Do we have IIS server? If so, we can refer to the steps in the following article.

    How to Generate a CSR for Microsoft IIS 8



    Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.




    Best Regards,
    Daisy Zhou


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, August 5, 2019 7:18 AM
    Moderator
  • Hi

    thanks, but I need S/MIME certificate for Email encryption and/or Signing

    we have Exchange 2016 email server, we need some users used S/MIME to send secure email

    Monday, August 5, 2019 8:36 AM
  • You can use the Exchange User template. Create a duplicate and configure as needed.

    • Create an AD security group that includes the group of users you mention
    • Verify an AD GPO allows for autoenroll of certificates

    On the template

    • Assign Read and Enroll and Autoenroll permissions to the AD group. 
    • Allow AD to populate the user's subject name (email address)
    • Assign Signature and Encryption for intended purpose

    There are several things to consider, no surprise, when implementing this in your environment.

    Hope that helps,


    Regards,

      Bill

    Bill Stites - PKI Consultant

    Bill Stites, PKI Consultant , started in PKI at Providence Health & Services
    in the Pacific Northwest in 2006. He has since consulted in the design and implementation of PKIs
    and certificate management systems in retail, government and insurance organizations.
     

    Monday, August 5, 2019 3:01 PM
  • Hi,
    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 7, 2019 9:27 AM
    Moderator
  • Hi,
    I am just writing to see if this question has any update. If anything is unclear, please feel free to let us know.

    Thanks for your time and have a nice day!



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, August 9, 2019 8:49 AM
    Moderator