I'm getting an error when trying to send an email with encryption.

If my firewall issues the cert from (E-Mail Removed), I download that
into Outlook, but I cannot send to ANY user at XYZ.COM. The error says it
does not recognize any user other than (E-Mail Removed) who issues/sent
the cert.

How can I configure Outlook that the cert is good for ANY user at xyz.com?

Thanks.

"Whispering Leaf" <(E-Mail Removed)> wrote in
message news:326B78C2-4599-4BC8-9B61-(E-Mail Removed)...
> I'm getting an error when trying to send an email with encryption.
>
> If my firewall issues the cert from (E-Mail Removed), I download
> that
> into Outlook, but I cannot send to ANY user at XYZ.COM. The error says
> it
> does not recognize any user other than (E-Mail Removed) who
> issues/sent
> the cert.
>
> How can I configure Outlook that the cert is good for ANY user at
> xyz.com?


I have yet to see any firewall (software or appliance) that acts as a CA
(certificate authority) and will issue certificates. Maybe you are
asking about how your certificate server works.

To send an encrypted e-mail to another user, you first need to get that
user's e-mail certificate. You don't use your own. You use their
certificate. That means if you want to encrypt mail sent to user "Joe
Brown" then Joe has to send you a digitally signed e-mail that contains
the pulic key half of his certificate. You then encrypt using Joe's
public cert key and then send him the encrypted mail. Only Joe can
decrypt that mail because he is the only one with the private key which
is the other half of the mail cert.

If you want to encrypt mail to a recipient, you need that recipient's
public key for their mail cert. To get it, have them send you a
digitally signed e-mail and save them in your Contacts (which also saves
the cert) so you can use that contact record with its cert to encrypt
your mails to that recipient. That means you will need the public key
for every recipient to which you want to send encrypted e-mails. For N
recipients, you will need N contact records where the public half of
their cert was saved. If you want others to send YOU encrypted e-mails
then you will need to send them a digitally signed e-mail containing the
public key from your mail cert so they can save it and later use it when
encrypting their e-mails - but those e-mails can only be sent to you
because you are the only person that has the private key, the other half
of the mail cert.

Thanks Vanguard.

This is Notes sending to Outlook 2003.

Our FW does send certs, sounds like Outlook can't handle this in this manner
somehow but on a per contact basis.

We are trying to have our FW cert that is sent be used for any email to
xyz.com, not possible it appears.


"Vanguard" wrote:

> "Whispering Leaf" <(E-Mail Removed)> wrote in
> message news:326B78C2-4599-4BC8-9B61-(E-Mail Removed)...
> > I'm getting an error when trying to send an email with encryption.
> >
> > If my firewall issues the cert from (E-Mail Removed), I download
> > that
> > into Outlook, but I cannot send to ANY user at XYZ.COM. The error says
> > it
> > does not recognize any user other than (E-Mail Removed) who
> > issues/sent
> > the cert.
> >
> > How can I configure Outlook that the cert is good for ANY user at
> > xyz.com?
>
>
> I have yet to see any firewall (software or appliance) that acts as a CA
> (certificate authority) and will issue certificates. Maybe you are
> asking about how your certificate server works.
>
> To send an encrypted e-mail to another user, you first need to get that
> user's e-mail certificate. You don't use your own. You use their
> certificate. That means if you want to encrypt mail sent to user "Joe
> Brown" then Joe has to send you a digitally signed e-mail that contains
> the pulic key half of his certificate. You then encrypt using Joe's
> public cert key and then send him the encrypted mail. Only Joe can
> decrypt that mail because he is the only one with the private key which
> is the other half of the mail cert.
>
> If you want to encrypt mail to a recipient, you need that recipient's
> public key for their mail cert. To get it, have them send you a
> digitally signed e-mail and save them in your Contacts (which also saves
> the cert) so you can use that contact record with its cert to encrypt
> your mails to that recipient. That means you will need the public key
> for every recipient to which you want to send encrypted e-mails. For N
> recipients, you will need N contact records where the public half of
> their cert was saved. If you want others to send YOU encrypted e-mails
> then you will need to send them a digitally signed e-mail containing the
> public key from your mail cert so they can save it and later use it when
> encrypting their e-mails - but those e-mails can only be sent to you
> because you are the only person that has the private key, the other half
> of the mail cert.
>
>
>

"Whispering Leaf" wrote in message
news:8D2B3D98-AAD6-4AF3-864A-(E-Mail Removed)...
> Thanks Vanguard.
>
> This is Notes sending to Outlook 2003.
>
> Our FW does send certs, sounds like Outlook can't handle this in this
> manner
> somehow but on a per contact basis.
>
> We are trying to have our FW cert that is sent be used for any email
> to
> xyz.com, not possible it appears.


What "firewall" are you using? Certs may be for client counting of
licensed software rather than e-mail certs. I suspect that whatever
certs are being issued from your "firewall" have nothing to do with
e-mail certs used for encryption. Certificates are not part of a
firewall, so something else is running on the same host as your firewall
that is issuing some kind of certificate. Unless you have a real need
to "communicate" with your firewall, its firewall is worthless for
e-mail encryption.