Whispering Leaf said:
I'm getting an error when trying to send an email with encryption.
If my firewall issues the cert from (e-mail address removed), I download
that into Outlook, but I cannot send to ANY user at XYZ.COM. The error
says it does not recognize any user other than (e-mail address removed)
who issues/sent the cert.
How can I configure Outlook so that the cert is good for ANY user at
xyz.com?
I have yet to see any firewall (software or appliance) that acts as a CA
(certificate authority) and will issue certificates. Maybe you are
asking about how your certificate server works.
To send an encrypted e-mail to another user, you first need to get that
user's e-mail certificate. You don't use your own. You use their
certificate. That means if you want to encrypt mail sent to user "Joe
Brown" then Joe has to send you a digitally signed e-mail that contains
the public key half of his certificate. You then encrypt using Joe's
public cert key and then send him the encrypted mail. Only Joe can
decrypt that mail because he is the only one with the private key which
is the other half of the mail cert.
If you want to encrypt mail to a recipient, you need that recipient's
public key for their mail cert. To get it, have them send you a
digitally signed e-mail and save them in your Contacts (which also saves
the cert) so you can use that contact record with its cert to encrypt
your mails to that recipient. That means you will need the public key
for every recipient to which you want to send encrypted e-mails. For N
recipients, you will need N contact records where the public half of
their cert was saved. If you want others to send YOU encrypted e-mails
then you will need to send them a digitally signed e-mail containing the
public key from your mail cert so they can save it and later use it when
encrypting their e-mails - but those e-mails can only be sent to you
because you are the only person that has the private key, the other half
of the mail cert.
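The mechanics described in the reply above, as an added example that is not code from the poster or from Outlook: a mail cert is bound to one mailbox, you encrypt with the public key taken from the recipient's cert, and only the matching private key decrypts. It uses only the Go standard library and generates constructed self-signed certs in place of ones issued by a CA; the names NewMailCert, EncryptTo and Decrypt are this example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// NewMailCert is a constructed stand-in for a CA-issued mail cert: a self-signed cert bound to one mailbox, plus its private key.
func NewMailCert(email string) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:   big.NewInt(1),
		EmailAddresses: []string{email}, // the cert names exactly one recipient
		NotBefore:      time.Now(), NotAfter: time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// EncryptTo encrypts with the public key carried in the recipient's cert; the sender's own cert and key play no part.
func EncryptTo(recipient *x509.Certificate, msg []byte) ([]byte, error) {
	pub, ok := recipient.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("cert does not carry an RSA public key")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt succeeds only with the private half of the cert used in EncryptTo.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}
func main() {
	joeCert, joeKey, _ := NewMailCert("joe.brown@example.com")
	ct, _ := EncryptTo(joeCert, []byte("hello Joe")) // needs Joe's cert, not the sender's
	pt, _ := Decrypt(joeKey, ct)                      // only Joe's private key opens it
	fmt.Println(string(pt), "encrypted to", joeCert.EmailAddresses)
}
```

Decrypting the same ciphertext with any other private key, including the sender's own, fails, which is why each recipient's cert has to be saved separately.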