|
Posted by Paul Adare on July 7, 2006, 4:59 am
If you were Registered and logged in, you could reply and use other advanced thread options
microsoft.public.security news group, =?Utf-8?B?Umljaw==?=
> Hello I have configured an enterprise Certificate Authority Server that will
> issue each email user a USER Certificate for Digital Signature purposes. On
> our internal email with digitally signed mail we can read the email but when
> I mail a free mail servers like yahoo or gmail the message is place on a
> smime.p7m file. How can our local CA server be trusted?
>
Getting your CA publicly trusted is a difficult and time consuming process
and should only really be undertaken by those who wish to provide PKI
services as a part of their core business. The short answer to your question
is that your local CA can't be trusted outside of your organization, nor
should it be. If you want to exchange signed or encrypted email with people
outside of your organization you either need to purchase S/MIME certificates
from someone like Verisign or you need to have an internal issuing CA
subordinated to an external publicly trusted root.
The fact that your signatures appear as an smime attachment when sending to
Yahoo or Gmail has nothing at all to do with the fact that your CA isn't
externally trusted.
--
Paul Adare - MVP Virtual Machines
It all began with Adam. He was the first man to tell a joke--or a lie. How
lucky Adam was. He knew when he said a good thing, nobody had said it
before. Adam was not alone in the Garden of Eden, however, and does not
deserve all the credit; much is due to Eve, the first woman, and Satan, the
first consultant." - Mark Twain
| 
XML site map