Message Security Support for PKI in Exchange 2003

 

PKI and Exchange do not directly integrate with one another in a message security system. Instead, they work together through the e-mail client. Because Exchange only provides delivery and storage of S/MIME messages, all other functionality in S/MIME e-mail results from interactions between the e-mail client and PKI. You do not need to integrate your system with PKI.

Note

If you are using Outlook Web Access with the S/MIME control, you must configure the Exchange servers used for Outlook Web Access to integrate with the PKI. You configure the Exchange server in the capacity of an e-mail client. For information about configuring Outlook Web Access when using the S/MIME control, see Implementing and Maintaining the Outlook Web Access S/MIME Control.

Configuring Active Directory is part of configuring the e-mail client and PKIs, rather than part of configuring Exchange. Specific configuration requirements for the directory vary depending on the e-mail client and PKI. Some e-mail clients and PKIs in an Exchange-based message security solution use a directory other than Active Directory. Because the directory is part of the integration between the e-mail client and PKI, for information about the configuration of the directory, including Active Directory, see the documentation for the e-mail client and PKI. Additional information about configuring the directory is provided in later sections in this guide.

Although you do not need to configure Exchange to integrate with PKI, some configuration related to PKI is still required. Before S/MIME is fully functional, both the e-mail client and PKI must be configured to work with each other, and the e-mail client must be configured to work with the Exchange server.

PKI must be configured to support all e-mail clients that connect to the Exchange 2003-based message security system. Because an S/MIME system is made up of multiple technologies, most of the information for configuring PKI to support e-mail clients is in the documentation for these technologies. In addition, this guide provides supplemental information in later sections. The following table lists each component that needs to be configured, the component to which it is connected, and a source of information.

Configuring component connectivity and sources of information for PKI functionality

| Component to configure | Component to connect to | Source of information |
|---|---|---|
| Exchange | PKI | Not applicable |
| PKI | Exchange | Not applicable |
| PKI | E-mail client | |
| E-mail client | PKI | |

Because Exchange 2003 ensures delivery and storage of S/MIME messages, there is no direct point of contact between the Exchange server and the PKI. With no direct contact, there is no configuration in Exchange required to implement or maintain support for PKI.