Key Management Server

You can use Microsoft Exchange Server 5.5 Service Pack 1 to perform the following new security-related functions:

Use Microsoft Certificate Server to generate user certificates. Service Pack 1 is the first release in which Certificate Server can act as the certification authority (CA) for the organization. If you use only Version 3 (V3) certificates in your organization, Key Management server (KM server) no longer acts as the CA. KM server is now the key recovery agent for Certificate Server. For more information, see "Configuring Microsoft Certificate Server for Use with KM Server" later in this document.
Use industry standard X.509 V3 certificates issued by the Certificate Server for use with Secure/Multipurpose Internet Mail Extension (S/MIME) clients. Any S/MIME client (for example, Outlook Express, Outlook 98, or any third-party S/MIME client) can use X.509 V3 certificates. KM server generates the X.509 V1 certificates for backward compatibility with Outlook 97 and earlier Microsoft Exchange clients. For more information, see "Configuring KM Server to Use V1 and V3 Certificates" later in this document.
Establish trust with other certification authorities. You can use KM server to establish trust relationships by importing or removing root certificates and Certificate Revocation Lists (CRLs) from outside organizations. Root certificates must be X.509 V3, but are not required to be issued by a Certificate Server. When a certificate is imported, it is added to a certificate trust list that is published to the directory. Outlook 98 clients running in corporate mode can read the certificate trust list and authenticate and trust the S/MIME digital signatures on e-mail received from users in other organizations. In addition to importing certificates from other organizations, you should export your root certificates so KM server administrators in other organizations can import them. This establishes a network of trust. For more information, see Microsoft Exchange Server Operations, which is included in the version 5.5 documentation.

Note To enable clients to use S/MIME security, you must install the Outlook 98 QFE version from the Support\Olcsp<security type> directory on the Microsoft Outlook 98 compact disc included with Microsoft Exchange Server 5.5 Service Pack 1.