A
Andreas.Konrad
Guest
Hi all,
I've implemented secure messaging as described here:
http://www.msexchange.org/tutorials/Email_Security_with_Exchange_2003.html
In my GPO I configured Autoenrollment and checked the two boxex "Renew
expired certificates..." and "Update certificates..."
The renewal period in my template is 6 weeks and the certificate expires
after one year.
Now I'm wondering why it is necessary to keep the old certificate in my
certificate store after getting a new one within the renewal period. If I
remove the old one I am not able to decrypt mails being encrypted by using my
old public key.
I thought the private key remains the same if the certificate is renewed and
I would be able to decrypt mails that are encrypted with both public keys -
the old and the new one.
Can anyone arrange my ideas?
Thanks a lot
Andy
I've implemented secure messaging as described here:
http://www.msexchange.org/tutorials/Email_Security_with_Exchange_2003.html
In my GPO I configured Autoenrollment and checked the two boxex "Renew
expired certificates..." and "Update certificates..."
The renewal period in my template is 6 weeks and the certificate expires
after one year.
Now I'm wondering why it is necessary to keep the old certificate in my
certificate store after getting a new one within the renewal period. If I
remove the old one I am not able to decrypt mails being encrypted by using my
old public key.
I thought the private key remains the same if the certificate is renewed and
I would be able to decrypt mails that are encrypted with both public keys -
the old and the new one.
Can anyone arrange my ideas?
Thanks a lot
Andy