Thursday, April 27, 2006

Setting up encrypted and signed email for Outlook... on the cheap (free).

First get yourself an account at https://www.cacert.org. This place is awesome since I detest paying for anything... especially a cert. One thing to know up front: the CAcert root is not in the Windows trusted root store, so anyone who needs to verify Joe's signature (or encrypt to him) has to install the CAcert root cert first, or Outlook will flag his digital ID as untrusted.

I use this same account for multiple people in the office. Let's say I'm setting up joe@joe.com. I first click Add under Email Accounts and then type in joe@joe.com. This sends Joe an email with the subject [Cacert.org] Mail Probe and a link that he must click in order to verify his address. Note that doing it this way means the admin generates, and keeps a copy of, every user's private key; that is fine for a small office, but it also means "signed by Joe" really means "signed by Joe or by whoever holds the admin's exports", so treat those files accordingly.

After he has clicked on the link I log back into cacert.org and then click Client Certificates/New. I then create a new certificate using joe@joe.com. I use the default of (Microsoft Enhanced Cryptographic Provider v1.0) and Install the Certificate. The key pair is generated by that CSP in the browser and lands in the Personal store of the Windows account I am logged in as, which is why the next step is exporting it.

Once the cert is installed I export it twice: once with the private key so I can send it to Joe, and once as the public certificate only (no key) so I can publish it to the GAL using Active Directory.

This is accomplished by opening IE, going to Tools, Internet Options, Content tab, Certificates button; under the Personal tab I click on the cert I want to export and then click Export. I choose to export the private key, set a strong password on it (the wizard insists on one, and this password is the only thing protecting Joe's key while the file is in transit), and save it as Joe.pfx.

I repeat this process, but this time I choose not to export the private key and save the result as Joe.cer. This file contains only the public certificate and is safe to publish anywhere.

***This part is sneaky voodoo***! (Hard to find instructions for this on the net)
Next I go to the email server and publish Joe.cer (the public cert). Under the hood this writes the cert into the userCertificate attribute of Joe's AD user object, which is where Outlook looks when it encrypts to a GAL entry.
First copy Joe.cer over to the email server. Then open Exchange System Manager on the email server and go to Recipients, All Global Address Lists, right-click Default Global Address List, Properties, and then (drum roll please) hit the Preview button. Find and double-click the person you want to add a cert to, go to the Published Certificates tab, and click Add from File. This will publish their cert to the GAL (global address list).
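The same export-and-publish steps can be scripted rather than clicked through. The block below is an added example, not from the original post: it finds the freshly enrolled cert in the current user's Personal store, refuses to continue if it lacks the Secure Email EKU that Outlook requires, exports Joe.cer (public only) and a password-protected Joe.pfx, then writes the public cert into Joe's AD userCertificate attribute over ADSI (the same attribute the Published Certificates tab edits) and reads it back. The email address, the LDAP path of Joe's user object and the output folder are assumptions.

```powershell
# Added example (not from the original post). Assumed values: the email address,
# the AD distinguished name of Joe's user object and the output folder. Run as the
# Windows account that enrolled the cert, on a domain-joined machine with rights
# to edit Joe's user object.
$email   = 'joe@joe.com'                              # assumption
$userDn  = 'LDAP://CN=Joe,OU=Users,DC=joe,DC=com'     # assumption: Joe's AD object
$outDir  = 'C:\certs'                                 # assumption
$pfxPass = Read-Host -AsSecureString 'PFX password'

New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Find the enrolled cert: it must carry a private key and name the address
#    either in the subject or in the Subject Alternative Name extension (OID 2.5.29.17).
$secureEmailOid = '1.3.6.1.5.5.7.3.4'   # id-kp-emailProtection
$cert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object {
        $_.HasPrivateKey -and (
            $_.Subject -like "*$email*" -or
            (($_.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
              ForEach-Object { $_.Format($false) }) -like "*$email*")
        )
    } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key for $email in CurrentUser\My" }

# 2. Outlook only offers certs with the Secure Email EKU for S/MIME; stop early otherwise.
$eku = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if ($eku -and -not ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $secureEmailOid })) {
    throw "Certificate $($cert.Thumbprint) lacks the Secure Email EKU; Outlook will not use it"
}

# 3. Export twice: .cer is the public cert (safe to publish), .pfx is cert + private key (secret).
$cerPath = Join-Path $outDir 'Joe.cer'
$pfxPath = Join-Path $outDir 'Joe.pfx'
$ct = [System.Security.Cryptography.X509Certificates.X509ContentType]
[IO.File]::WriteAllBytes($cerPath, $cert.Export($ct::Cert))
[IO.File]::WriteAllBytes($pfxPath, $cert.Export($ct::Pfx, $pfxPass))

# 4. Publish the public cert: append it to the multi-valued userCertificate
#    attribute, skipping the write if this thumbprint is already there.
$cerBytes = [IO.File]::ReadAllBytes($cerPath)
$user = [ADSI]$userDn
$already = @($user.Properties['userCertificate']) | Where-Object {
    (New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(,[byte[]]$_)).Thumbprint -eq $cert.Thumbprint
}
if (-not $already) {
    $user.Properties['userCertificate'].Add($cerBytes) | Out-Null
    $user.CommitChanges()
}

# 5. Read it back the way a sending client would and confirm the right cert,
#    and only the public half, was published.
$user.RefreshCache()
$published = @($user.Properties['userCertificate']) | ForEach-Object {
    New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(,[byte[]]$_)
}
$match = $published | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $match) { throw 'userCertificate readback did not contain the cert' }
if ($match.HasPrivateKey) { throw 'BUG: a private key was published to AD' }
"Published $($cert.Thumbprint) for $email; private key is only in $pfxPath"
```

The readback in step 5 is the check worth keeping: Outlook resolves the GAL entry to exactly this attribute, so if the thumbprint comes back you know the Encrypt button will find Joe's key without clicking through System Manager again.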

Next I like to send them a test message. Outlook is funny: you have to hit the Options button on the new message (this is also under View, Options) and then enable Sign and Encrypt. Signing uses my own cert; encrypting only works if Outlook can find Joe's public cert, which is exactly what publishing it to the GAL was for. If Outlook complains that it cannot find a digital ID for the recipient, the GAL publish did not take.

Next we need to enable Joe to actually read his encrypted email. To do this get Joe his Joe.pfx and have him import it into his own Personal store. Send the PFX password by a different channel than the file itself (phone, in person), have him import it with the key marked non-exportable, and delete the .pfx afterwards: that file is his private key. That should do it.
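Joe's side of the last step, as an added example that is not part of the original post: it imports the PFX into the current user's Personal store without the Exportable flag, confirms the private key actually came along, and builds a chain with the Secure Email application policy so that a missing CAcert root shows up here rather than as an "untrusted digital ID" warning in Outlook. The PFX path is an assumption; the CAcert root is assumed to already be in the user's Trusted Root store.

```powershell
# Added example (not from the original post). Runs on Joe's machine as Joe.
# Assumptions: the PFX path, and that the CAcert root cert is already installed
# in CurrentUser\Root (Outlook will not trust the chain otherwise).
$pfxPath = 'C:\Users\joe\Joe.pfx'                   # assumption
$pfxPass = Read-Host -AsSecureString 'PFX password'

$ksf = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]
# PersistKeySet keeps the key in the profile's key container; UserKeySet scopes it
# to this user. Exportable is deliberately omitted so the key cannot be re-exported
# from this profile later.
$flags = $ksf::PersistKeySet -bor $ksf::UserKeySet

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($pfxPath, $pfxPass, $flags)
if (-not $cert.HasPrivateKey) {
    throw 'PFX contained no private key; Joe could neither sign nor decrypt with it'
}

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'CurrentUser')
$store.Open('ReadWrite')
$store.Add($cert)
$store.Close()

# Chain check with the Secure Email application policy, which is what Outlook
# evaluates before it will sign with or decrypt using this cert.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.ApplicationPolicy.Add((New-Object System.Security.Cryptography.Oid '1.3.6.1.5.5.7.3.4')) | Out-Null
$chain.ChainPolicy.RevocationMode = 'Online'
if (-not $chain.Build($cert)) {
    $chain.ChainStatus | ForEach-Object { Write-Warning "$($_.Status): $($_.StatusInformation)" }
    throw "Chain for $($cert.Subject) does not build; install the CAcert root (and any intermediate) first"
}
"Imported $($cert.Thumbprint): private key present, chain OK, key not exportable"

# The .pfx on disk is the secret; the store now holds the key, so remove the file.
Remove-Item $pfxPath
```

If the chain fails with UntrustedRoot, that is the CAcert-not-in-Windows caveat from the top of the post: import the CAcert root into Joe's Trusted Root Certification Authorities store and rerun the check.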
