Topics in this chapter   Planning an Upgrade     Upgrading from Previous Versions     Upgrading from Older Versions of Messaging Clients     Upgrading from Schedule+     Sharing Information with Other Versions or Applications     Upgrading to Outlook 2002 Security     Reverting to a Previous Installation

Upgrading to Outlook 2002 Security

If you are upgrading from a version of Microsoft Outlook earlier than Outlook 2000, the first time a user attempts to read or send secure e-mail messages, Microsoft Outlook 2002 triggers a security upgrade feature. To upgrade from Outlook 97 or Exchange Client to Outlook 2002 security, the user's security file (EPF file) must exist on the computer, and the user must know the password. To upgrade from Outlook 98 security, the user must know the Digital ID password. (Users upgrading from Outlook 2000 already have the updated security features.)

During the upgrade process, a Digital ID name is generated for the security keys of each user, which includes one signing key and one encryption key. The user must select a password to associate with the Digital ID name.

The Outlook 2002 upgrade feature attempts to save the security information in a secure store. If the EPF file cannot be found, or the user cannot remember the password, the upgrade feature can be canceled.

If you are using Microsoft Exchange Advanced Security, you can recover the security keys (that is, enroll again) by asking for a new security token from the administrator. The upgrade process must occur before you are security-enabled to send and receive secure e-mail messages.

If you are using Microsoft Certificate Server, or a public Certification Authority such as VeriSign™, Inc., and you forget your password, the following restrictions occur:

• You cannot gain access to your keys.
  
  
• You cannot read encrypted e-mail messages sent to you previously.
  
  
• You must re-enroll to get new Digital IDs.

The following procedure describes how Outlook 2002 users can enroll in security by using Microsoft Exchange Key Management Server (KMS). Before you begin this procedure, contact the system administrator for a security token. The request for security enrollment uses this token.

To enroll in security or obtain a certificate using Microsoft Exchange KMS

1. On the Tools menu, click Options, and then click the Security tab.
   
   
2. Click Get a Digital ID, select Set up Security for me on the Exchange Server, and then click OK.
   
   
3. In the Digital ID name box, type the name you want to use; in the Token box, type your security token, and then click OK.

   A message is sent to Microsoft Exchange KMS. After you receive a reply, Outlook 2002 attempts to store your security keys in the secure store.

4. Select a password for your Digital ID.

   You are prompted for the password every time you gain access to the keys. However, you can choose to have Outlook 2002 remember the password for a limited period of time.

5. Click OK to save your changes.
   
   
6. To add the certificate to the Root Store, click Yes.

   The dialog box provides the required information about the certificate. If you click No, you experience problems when you attempt to read and send secure messages, and you must repeat the entire enrollment process.

The following procedure describes how Outlook 2002 users can enroll in security by using public certificate authorities.

To enroll in security or obtain a certificate by using external certificate authorities

1. On the Tools menu, click Options, and then click the Security tab.
   
   
2. Click Get a Digital ID, select Get a S/MIME certificate from an external Certification Authority, and then click OK.

   A Microsoft Web page provides information about obtaining a certificate. The page lists a number of certificate authorities.

3. Select the link to the certificate authority that you want to use to obtain a certificate.

   While your Web browser is storing your certificate and keys on your computer, you might be prompted to select the security level to associate with your keys.

4. When prompted, select a password for your Digital ID.

   You are prompted for the password every time you gain access to the keys. However, you can choose to have Outlook 2002 remember the password for a limited period of time.

5. To add this certificate to the Root Store, click Yes.

   While storing the certificates, you might be prompted to save the root certificate. The dialog box provides the required information about the certificate. If you click No, you experience problems when you attempt to read and send secure messages. When you experience such problems, contact your certification authority to install another copy of the root certificate.

After the certificate and keys are installed, Outlook can access and use them.

See also

There are several options to choose from when you set up security for your Outlook 2002 users. For more information about Outlook security, see Outlook 2002 Security Model.