Use S/MIME in Microsoft Outlook
S/MIME (Secure/Multipurpose Internet Mail Extensions) can make end users uneasy, because it relies primarily on algorithms and protocols that are described as complex. Microsoft has made it as simple and straightforward as possible in Outlook, and S/MIME is still a great benefit to users.
Certificate Management for Microsoft Outlook
Before you can use most S/MIME settings, you need an X.509v3 certificate for your messages (whether a signing certificate, an encryption certificate, or a certificate for both). Certificate management should therefore be handled sensibly.
Get a new certificate for Microsoft Outlook
Outlook can correctly use any appropriate X.509v3 certificate created for your private key, so you can obtain a certificate for your local user profile on the computer you use. Whether you have a full public key infrastructure (PKI) installed or a single user requires a certificate, you can enroll manually or automatically through a Windows Server 2003 CA via Exchange 2000 Server Key Management Service (KMS). Alternatively, you can enroll a user by manually requesting a separate certificate from a third-party CA.
If you do not use a Windows Server 2003 CA to enroll for a certificate manually or automatically, you have to start Outlook and have it request your new certificate: select the Tools | Options command, click the Security tab, and click Get a Digital ID. The next step neither relies on you requesting a certificate through Exchange KMS nor depends on an external CA. For more information about installing and using certificate autoenrollment for Windows Server 2003, refer to the technical white paper.
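To see which certificates already present in a user profile are candidates for S/MIME signing, encryption, or both, the following PowerShell sketch inspects each certificate's key usage and enhanced key usage extensions. It is an added example, not part of the original text or of any Microsoft tooling. It assumes that the "local user profile" corresponds to the `Cert:\CurrentUser\My` store and that the usual X.509 criteria apply (Secure Email EKU, digitalSignature/nonRepudiation for signing, keyEncipherment/keyAgreement for encryption); the function name `Get-SmimeCapability` is hypothetical.

```powershell
# Added example: report which certificates in the current user's Personal store
# are usable for S/MIME signing, encryption, or both. Requires PowerShell 3.0+.
$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # Secure Email (emailProtection) EKU

function Get-SmimeCapability {          # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        $ku = $Certificate.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
        $eku = $Certificate.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }

        # No EKU extension means the certificate is not restricted to listed purposes.
        $ekuOids = @()
        if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
        $emailOk = (-not $eku) -or ($ekuOids -contains $SecureEmailOid)

        # No key usage extension means the key itself is unrestricted.
        $flags = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
        $canSign = (-not $ku) -or
            (($ku.KeyUsages -band ($flags::DigitalSignature -bor $flags::NonRepudiation)) -ne 0)
        $canEncrypt = (-not $ku) -or
            (($ku.KeyUsages -band ($flags::KeyEncipherment -bor $flags::KeyAgreement)) -ne 0)

        $now = Get-Date
        [pscustomobject]@{
            Subject       = $Certificate.Subject
            Thumbprint    = $Certificate.Thumbprint
            HasPrivateKey = $Certificate.HasPrivateKey   # needed to sign or decrypt
            InValidity    = ($Certificate.NotBefore -le $now -and $Certificate.NotAfter -ge $now)
            Signing       = $emailOk -and $canSign
            Encryption    = $emailOk -and $canEncrypt
        }
    }
}

Get-ChildItem Cert:\CurrentUser\My | Get-SmimeCapability | Format-Table -AutoSize
```

A row with `HasPrivateKey` false or `InValidity` false cannot be used for your own signing or decryption, whatever its usage flags say.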
Obtain a certificate from an internal authentication server
Obtaining a certificate through the Windows Server 2003 Certificate Services component is the most common method for enterprise users. This method (as you can see in Chapter 12, "Secure Mail") uses Exchange Server KMS. In Windows XP and Windows Server 2003 environments, the currently preferred configuration is autoenrollment of user certificates, but Exchange KMS Advanced Security, managed with Exchange tools including the Active Directory Users and Computers snap-in, can still be used. Although the new model is very simple and involves little or no user interaction compared with the legacy Outlook and KMS approach, the manual process is still simple. The process starts when a client uses Outlook to collect a template key, which then often protects the first client-to-CA exchange. You can prevent the marking of one mail message or use another (presumably more secure) offline channel. Another way is for users to tag before they start.
After you click Get a Digital ID, you will see a dialog box like the one shown in Figure 13-6. This dialog box shows only those accounts that have been enrolled in Advanced Security; if you do not see yours, you will need to enroll your account first. Because you need to obtain the certificate through the local Exchange organization's certificate server, select the "Install security for me on the Exchange Server" option, and then click Confirm.
Figure 13-6 Finding the certificate source for your request
Outlook asks you to name the digital ID and type the one you selected. You are then asked to set a password. Note that this password is completely separate from your Windows account password, and should be different from it, so that the two do not interfere with each other. At this point, your request is sent to the certificate server, where it will be approved or rejected (usually quickly). You will have to close the Outlook Options dialog first, but you will eventually receive a status message from the CA indicating whether your enrollment was rejected or accepted. If the request is accepted, you will be asked to enter a password that enables Outlook to publish your certificate for you in the Global Address List (GAL) (as described next, you can also do this manually).