I manage an Exchange Server 2003 organization, and I want to build an infrastructure that supports the use of encrypted email. What's the best way to get started?
Setting up an entire public key infrastructure (PKI) can seem daunting. True, the project isn't exactly trivial, but the basics are pretty simple. You need a Certificate Authority (CA), which issues certificates to Outlook users. You can use Certificate Services to set up your own CA, or you can use a third-party CA such as GTE CyberTrust, Thawte, or VeriSign. You can find deployment models that combine internal and external CAs, but for a pilot or small deployment I suggest you set up your own CA, issue some certificates to users, and let them start using secure mail. As far as your Exchange 2003 Secure MIME (S/MIME) deployment is concerned, the best way to begin is probably by reading the excellent Microsoft article "Quick Start for SMIME in Exchange Server 2003" (http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/qssmimes.mspx). You can also find out more about PKIs and Certificate Services by reading the Security Administrator article "Uncover PKI and Certificate Services in Windows Server 2003," May 2004, InstantDoc ID 42172.