How to publish digital ID (certificate) to GAL ?

Here we want to use digital ID (certificate) to announce confidential email
to all the colleagues. If the user wants to read the confidential mail, he
must first imports the digital certificate manually from the mail issuer. I
find there is a function "Publish digitial ID to GAL", is that mean if the
mail issuer publish the digital ID to GAL, then all the GAL users will get
the digitial ID automatically and will be able to read the confidential mail
without import digitial ID ? How to publish digital ID (certificate) to GAL ?
I always get "No valid security setting to publish...." when click the
"Publish digital ID" button. Anyone have idea ?

Before answering, I have one question. Is your site using an internal
certificate authority?

"Enid" wrote in message
news
Here we want to use digital ID (certificate) to announce confidential
email
to all the colleagues. If the user wants to read the confidential mail, he
must first imports the digital certificate manually from the mail issuer.
I
find there is a function "Publish digitial ID to GAL", is that mean if the
mail issuer publish the digital ID to GAL, then all the GAL users will get
the digitial ID automatically and will be able to read the confidential
mail
without import digitial ID ? How to publish digital ID (certificate) to
GAL ?
I always get "No valid security setting to publish...." when click the
"Publish digital ID" button. Anyone have idea ?

YES ! Here we use Microsoft CA Server to issue the digital certificate.

"neo [mvp outlook]" wrote:

Before answering, I have one question. Is your site using an internal
certificate authority?

"Enid" wrote in message
news
Here we want to use digital ID (certificate) to announce confidential
email
to all the colleagues. If the user wants to read the confidential mail, he
must first imports the digital certificate manually from the mail issuer.
I
find there is a function "Publish digitial ID to GAL", is that mean if the
mail issuer publish the digital ID to GAL, then all the GAL users will get
the digitial ID automatically and will be able to read the confidential
mail
without import digitial ID ? How to publish digital ID (certificate) to
GAL ?
I always get "No valid security setting to publish...." when click the
"Publish digital ID" button. Anyone have idea ?

YES ! Here we use microsoft CA server to issue the digital certificate.

"neo [mvp outlook]" wrote:

Before answering, I have one question. Is your site using an internal
certificate authority?

"Enid" wrote in message
news
Here we want to use digital ID (certificate) to announce confidential
email
to all the colleagues. If the user wants to read the confidential mail, he
must first imports the digital certificate manually from the mail issuer.
I
find there is a function "Publish digitial ID to GAL", is that mean if the
mail issuer publish the digital ID to GAL, then all the GAL users will get
the digitial ID automatically and will be able to read the confidential
mail
without import digitial ID ? How to publish digital ID (certificate) to
GAL ?
I always get "No valid security setting to publish...." when click the
"Publish digital ID" button. Anyone have idea ?

Okay, your question is a bit more complex that just what is the "publish
digital id to gal" for. In an environment that has established an
Enterprise CA and is storing certificates in Active Directory at the time
they are created for their users, then the "publish digital id to gal"
should be disabled via a policy.

The reason for this is that you don't want your users uploading a 3rd party
certificate S/MIME certificate(s) into you Active Directory environment.
Instead you should probably look at the whitepapers on Microsoft's site on
how to establish a Public Key Infrastructure (PKI).

These whitepapers should help you answer the first questions about "without
importing digital id?" or "how to publish digital id?" because an Enterprise
CA will let you establish templates that will have the CA service publish
the user certificate to active directory the instance it is issued. Since
it is automatic, the user doesn't have to do anything except maybe wait 24
hours so that a exchange client like Outlook 2003 running in cacahed mode
downloads the next differential update of the offline address book.

Now I'll climb down off my soap box and do a bit of generalization about the
"publish digital id to the gal" button. Basicallly this button was designed
for users to upload 3rd party s/mime certificates. If this button is
selected and no certificates currently exist on the workstation in question
that is designed for S/MIME use, then the error will be generated.



"Enid" wrote in message
news
Here we want to use digital ID (certificate) to announce confidential
email
to all the colleagues. If the user wants to read the confidential mail,
he
must first imports the digital certificate manually from the mail
issuer.
I
find there is a function "Publish digitial ID to GAL", is that mean if
the
mail issuer publish the digital ID to GAL, then all the GAL users will
get
the digitial ID automatically and will be able to read the confidential
mail
without import digitial ID ? How to publish digital ID (certificate) to
GAL ?
I always get "No valid security setting to publish...." when click the
"Publish digital ID" button. Anyone have idea ?

I am so confused !
"an Enterprise CA will let you establish templates that will have the CA
service publish the user certificate to active directory the instance it is
issued. "
In my environment, I did't see any user certificate in any domain computer.
Why ? Our outlook user still need to manually import the mail issuer's
certificate to read the encrypted mail.

"neo [mvp outlook]" wrote:

Okay, your question is a bit more complex that just what is the "publish
digital id to gal" for. In an environment that has established an
Enterprise CA and is storing certificates in Active Directory at the time
they are created for their users, then the "publish digital id to gal"
should be disabled via a policy.

The reason for this is that you don't want your users uploading a 3rd party
certificate S/MIME certificate(s) into you Active Directory environment.
Instead you should probably look at the whitepapers on Microsoft's site on
how to establish a Public Key Infrastructure (PKI).

These whitepapers should help you answer the first questions about "without
importing digital id?" or "how to publish digital id?" because an Enterprise
CA will let you establish templates that will have the CA service publish
the user certificate to active directory the instance it is issued. Since
it is automatic, the user doesn't have to do anything except maybe wait 24
hours so that a exchange client like Outlook 2003 running in cacahed mode
downloads the next differential update of the offline address book.

Now I'll climb down off my soap box and do a bit of generalization about the
"publish digital id to the gal" button. Basicallly this button was designed
for users to upload 3rd party s/mime certificates. If this button is
selected and no certificates currently exist on the workstation in question
that is designed for S/MIME use, then the error will be generated.



"Enid" wrote in message
news Here we want to use digital ID (certificate) to announce confidential
email
to all the colleagues. If the user wants to read the confidential mail,
he
must first imports the digital certificate manually from the mail
issuer.
I
find there is a function "Publish digitial ID to GAL", is that mean if
the
mail issuer publish the digital ID to GAL, then all the GAL users will
get
the digitial ID automatically and will be able to read the confidential
mail
without import digitial ID ? How to publish digital ID (certificate) to
GAL ?
I always get "No valid security setting to publish...." when click the
"Publish digital ID" button. Anyone have idea ?

Installing and supporting a certificate authority is not an Outlook
question. However to answer the question, users wouldn't see a certificate
installed on their workstation unless the site went with auto-enrollment or
the user requested a certificate.


"Enid" wrote in message
...
I am so confused !
"an Enterprise CA will let you establish templates that will have the CA
service publish the user certificate to active directory the instance it
is
issued. "
In my environment, I did't see any user certificate in any domain
computer.
Why ? Our outlook user still need to manually import the mail issuer's
certificate to read the encrypted mail.

"neo [mvp outlook]" wrote:

Okay, your question is a bit more complex that just what is the "publish
digital id to gal" for. In an environment that has established an
Enterprise CA and is storing certificates in Active Directory at the time
they are created for their users, then the "publish digital id to gal"
should be disabled via a policy.

The reason for this is that you don't want your users uploading a 3rd
party
certificate S/MIME certificate(s) into you Active Directory environment.
Instead you should probably look at the whitepapers on Microsoft's site
on
how to establish a Public Key Infrastructure (PKI).

These whitepapers should help you answer the first questions about
"without
importing digital id?" or "how to publish digital id?" because an
Enterprise
CA will let you establish templates that will have the CA service publish
the user certificate to active directory the instance it is issued.
Since
it is automatic, the user doesn't have to do anything except maybe wait
24
hours so that a exchange client like Outlook 2003 running in cacahed mode
downloads the next differential update of the offline address book.

Now I'll climb down off my soap box and do a bit of generalization about
the
"publish digital id to the gal" button. Basicallly this button was
designed
for users to upload 3rd party s/mime certificates. If this button is
selected and no certificates currently exist on the workstation in
question
that is designed for S/MIME use, then the error will be generated.



"Enid" wrote in message
news Here we want to use digital ID (certificate) to announce
confidential
email
to all the colleagues. If the user wants to read the confidential
mail,
he
must first imports the digital certificate manually from the mail
issuer.
I
find there is a function "Publish digitial ID to GAL", is that mean
if
the
mail issuer publish the digital ID to GAL, then all the GAL users
will
get
the digitial ID automatically and will be able to read the
confidential
mail
without import digitial ID ? How to publish digital ID (certificate)
to
GAL ?
I always get "No valid security setting to publish...." when click
the
"Publish digital ID" button. Anyone have idea ?