Digitally signing email with S/MIME and Outlook 2016

You can use S/MIME certificates, also called “Digital Certificates” or “Personal Certificates”, with most email clients to digitally sign and/or encrypt email messages. In order to digitally sign or encrypt your email, you will need a digital certificate.

Get a certificate

For this example, we will use the free certificate service from Comodo.

Head over to: https://www.comodo.com/home/email-security/free-email-certificate.php

Another Option: https://www.entrustdatacard.com/products/digital-signing-certificates/secure-email-certificates

Once you sign up, you will receive an email with a link to download the digital certificate.

Installing the certificate

Click the link to obtain the certificate.  You will then need to import it.  My system automatically imported it, but as I was running Firefox it went into the Firefox certificate store, rather than the Windows Certificate Store as used by Internet Explorer.

We need the certificate in the Windows Certificate Store so Outlook 2016 can use it.  I accessed the Firefox preferences to locate the certificate.  Preferences > Privacy & Security > Certificates > Your Certificate > (Select Certificate) > Backup.  Choose a safe location and backup the certificate.  You can also delete it from the Firefox Certificate Store.

On the computer to which you’re importing the certificate:

  • Locate your certificate file, right-click the file, and click Install PFX.
  • When the Certificate Import Wizard starts, click Next.
  • On the “File to Import” page, click Next.
  • Enter the passphrase that you used to secure the private key, click Next.
  • On the “Certificate Store” page, leave the default option Automatically select the certificate store based on the type of certificate. Click Next.
  • Click Finish. To complete importing your certificate, click OK.

Also backup your certificate file (the one you just imported) to a safe and secure place.

OPTIONAL: Open the Certificates MMC if you would like to double check its there.  (Start > Run > type: mmc > File > Add Snap-in > Certificates).

Configuring Outlook

Next we need to configure Outlook 2016 S/MIME.

  • Go to: File > Outlook Options > Trust Center > Email Security > Settings.
  • Under the “Security Settings Name” text box, enter a name; this will simply be a label for your security settings, e.g “S/MIME”.
  • Next to “Signing Certificate”, click Choose…. Select your certificate and click OK.
  • Next to “Encryption Certificate”, click Choose…. Select your certificate and click OK twice.
  • To digitally sign all your messages, check ‘Add digital signature to outgoing messages’.

Digitally Sign Email

In Outlook, click New Email to compose a new message. Click the Options tab, and you will see:

Sign: This option digitally signs the message so others can be sure it came from you.
Encrypt: This option encrypts the message content and attachments.

You will see the icon next to signed messages.

 

Compatibility

Email clients not using S/MIME certificates will not be able to view encrypted email. Clients that cannot use S/MIME certificates include OWA accessed using Chrome, Firefox, and Safari.  Email recipients who use one of these clients will be unable to view an encrypted email. However, all mail clients can view digitally signed email.

More?

Digitally signing email with S/MIME and the iPhone / iOS

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published. Required fields are marked *