Certificate Trust List

A certificate trust list enables organizations to establish trust with other organizations so users can verify the digital signature of messages sent by users in other trusted organizations.

Use the Certificate Trust List property page to view other organizations that are currently certified on your Microsoft Exchange Server and to import certificates from outside of your organization. A certificate binds a public key to a particular certification authority.

Getting to the Certificate Trust List property page

  1. In the Administrator window, choose Configuration in the site where the KM server is located.
  2. Double-click CA.
  3. Select the Certificate Trust List tab.

Importing Certificates

Importing certificates from another certification authority allows you to establish trust with another organization.

Use the Certificate Trust List property page to import a certificate from another organization. Importing certificates requires multiple administrator passwords if multiple password policies are set.

  1. Select the Certificate Trust List tab.
  2. Choose Import.
  3. In the Key Management Server Passwords box, type the required number of advanced security administrator passwords, and then choose OK after each password.
  4. Select a certificate or a Certificate Revocation List (CRL) to import, and then type the file name.

| Option | Description |
|---|---|
| Import a certificate | Imports a certificate from another organization to the KM server. The certificate should be a .Crt file from a CA. You should have already received this certificate file from an outside organization. |
| Import a CRL | Imports a CRL to the KM server. The CRL contains a list of clients from a trusted organization that no longer hold valid security keys. It consists of the serial number of the certificate and the revocation date of the certificate. CRLs can be sent to you by e-mail or published on a Web page. |
| File name | Type the name of the file that contains the certificate or CRL you want to import. |
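
Because importing a certificate places trust in it, it is worth checking the received file before the import step. The following is an added example, not part of the original documentation or of Exchange: it uses OpenSSL (an assumption, not a tool this page describes) to print the fields the Details page lists and to compare the file's fingerprint with a value obtained from the other organization through a separate channel. The SHA-256 digest, the function names, and the sample certificate are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: pre-import checks on a received CA certificate file.
# Assumes the openssl command-line tool is installed.

# cert_summary FILE: print subject, issuer, serial number, validity dates
# and SHA-256 fingerprint of a PEM-encoded certificate.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -issuer -serial -dates \
        -fingerprint -sha256
}

# norm_fp TEXT: drop an optional "label=" prefix, colons and spaces,
# and upper-case the hex digits so two fingerprints compare cleanly.
norm_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# cert_fp_matches FILE EXPECTED: exit 0 only if the file's SHA-256
# fingerprint equals EXPECTED (the value confirmed out of band).
cert_fp_matches() {
    actual=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 2
    [ "$(norm_fp "$actual")" = "$(norm_fp "$2")" ]
}

# cert_not_expired FILE: exit 0 if the certificate has not yet passed
# its expiration date (the start date is not checked here).
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# make_sample_cert FILE: write a constructed self-signed certificate,
# used only to try the functions above; the names are made up.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/O=Constructed Partner Org/CN=Constructed Partner CA" \
        -keyout "$1.key" -out "$1" 2>/dev/null
    rm -f "$1.key"
}

# Usage: sh check_cert.sh partner.crt "AB:CD:...:EF"
if [ "$#" -eq 2 ]; then
    cert_summary "$1"
    if cert_fp_matches "$1" "$2" && cert_not_expired "$1"; then
        echo "fingerprint matches and certificate is not expired"
    else
        echo "CHECK FAILED: do not import this file"
    fi
fi
```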

Untrusting and Removing Certificates

A certificate from another certifying authority is trusted when you import it to your organization. You can use the Certificate Trust List property page to untrust or remove an imported certificate. Untrusting a certificate removes the trust placed in the certificate when it was imported. Removing a certificate deletes the certificate from your system but does not remove the trust placed in it. If you remove a certificate, you cannot untrust it later. Untrusting or removing certificates requires multiple administrator passwords if multiple password policies are set.

  1. Select the Certificate Trust List tab.
  2. Select a certificate and then choose Remove.
  3. In the Key Management Server Passwords box, type the required number of advanced security administrator passwords, and then choose OK after each password.
  4. Select the method you want to use to remove the certificate.

| Option | Description |
|---|---|
| Untrust certificate | Ensures you have a record of certificates that are untrusted from your KM server because the certificates are no longer valid. |
| Remove certificate | Removes the certificate from the KM server but does not add it to your CRL. Use this option with caution because a removed certificate cannot be untrusted. It is recommended that you use the Untrust certificate option to remove its trust, and then use the Remove certificate option to delete the certificate from your system. |

Viewing Certificates

You can view the name, issuer, and expiration date of certificates that have been imported from other organizations and are trusted on your KM server. Use the Certificate Trust List property page to view the attributes of a certificate.

  1. Select the Certificate Trust List tab.
  2. Select a certificate and then choose Properties.

| Property Page | Description |
|---|---|
| General | Shows the validity of a certificate. |
| Details | Shows who the certificate was issued to, the issuer, the friendly name, the creation and expiration dates, the serial number, the fingerprint, the algorithm, and the status. |
| Advanced | Shows details of the certificate's start date, expiration date, version, and intended use. |