How to Install an S/MIME Certificate in Outlook on Windows 11 / 10

S/MIME (Secure/Multipurpose Internet Mail Extensions) is a public key encryption and authentication standard used for sending email messages. When a S/MIME certificate is used to sign an email message, it guarantees the receiver of the mail that it was actually sent by you. It can also help you encrypt the message so that they are secured and not spied upon during the transit.

In this article, we will discuss the detailed steps that need to be followed to install this S/MIME certificate for encryption and signing so as to be able to send secure emails using Microsoft Outlook on Windows 11 / 10 PCs.


Steps to Install S/MIME Certificate with Outlook


Step 1: Get your Encryption and Signing certificate


1. Click on the Certificate Activation link received in your email to download the PKCS#12 file containing your certificate from the SSL vendor’s account.

2. Once you log in to your account, you have to click on Generate Certificate.

3. After the certificate is generated, enter a password before you download the certificate. Create a password and click on the Download button and save this file on your PC.

Note: Remember this password as it will be needed during installation or when you want to import the certificate and private key from this file. Also, keep track of the location where this file has been saved so that you don’t lose it.


Step 2: Install Certificate in Outlook


1. Launch MS Outlook on your PC.

2. Click on the File menu.


Outlook File Menu Min


3. Choose Options in the left pane.


Outlook File Menu Options Min


4. Select the Trust Center tab in the Outlook Options window,

5. Click on the Trust Center Settings… button in the right pane.


Outlook Options Trust Center Settings Min


6. Once you are in the Trust Center window, select the Email Security tab on the left side.

7. On the right, in the Digital IDs (Certificates) section select the Import/Export… button.


Trust Center Email0security Import Export Min


8. In the Import/Export Digital ID window that appears, select the option Import existing Digital ID from a file.

9. Now click on the Browse… button to select the file to be imported.


Import Export Browse Min


10. Go to the location where the file is saved. Select it and click on Open.


Locate Security File Open Min


Note: This file will have a .p12 extension.

11. Once the file path is added in Import File, type the file password which was to download this file in the text box next to Password.

12. Click on OK.


Import Export Enter File Pass Min


13. A security dialog pops up indicating that you are importing a new private exchange key. Click on OK again.


Confirm Creation Of0protected Item Min


14. Now you will be back in the Trust Center with the Email Security tab selected. In the Encrypted Email section, click on the Settings… button.


Trust Center Email Security Encrypted Email Settings Min


15. Enter a security settings name in the textbox below Security Settings Name.

16. Click on the Choose… button associated with Signing Certificate.


Change Security Settings Enter Name Click Choose Min


17. If there is only one certificate installed, then click on OK to confirm the certificate. Else, click on More choices and choose one certificate from the list of certificates installed and click on OK.


Windows Securiyt Select Signing Certificate Min


18. Use the drop-down next to the Hash Algorithm and select SHA256.


Select Hash Algorithm Min


19. Click on Choose… to select the Encryption Certificate.


Choose Encryption Certificate Click On Ok Min


20. In the Confirm Certificate dialog, click on OK. It is the same as in Step 17.

21. Click on OK to exit the Change Security Settings window.

22. In the Trust Center, check the boxes next to the required options for S/MIME encrypted email in the Encrypted email section. Click on OK.


Encrypted Email Select Required Settings Min


Now the S/MIME certificate has been successfully installed and can be put to use.


Step 3: Create a Secure Message in Outlook


1. Click on New Email in Outlook to open a new email message.


Outlook New Mail Min


2. Click on the Options menu.

3. In the Encrypt section, you can change between encryption and digital signature settings.

4. To send a signed message, click on Sign before sending the email.


Send New Test Mail Outlook Min


4. Once you send the email message, click on Allow button in the dialog so as to allow the Outlook app to use the private key.


Windows Security Allow App To Acess Private Key Min



5. While sending an encrypted email if the recipient’s public key is not with you, an error message is displayed. You can opt to send an unencrypted message by clicking on Send Unencrypted.


Problems In Encryption Min


This problem can be fixed by asking the recipient to send a signed email. Then add them to your contact list in Outlook. Follow the steps below.

1. When you receive a signed mail from your recipient, there will be a small red ribbon icon in the message at the upper-right corner.

2. Click on the icon to check the certificate details.


Signed Message Min


3. Right-click on the sender’s name and choose the Add to Outlook Contacts option.


Add To Outlook Contacts Min


4. In the new contact page, add any other details if you want to and click on Save & Close. Now Outlook saved this contact with their public key.


Add To Contect List Save Close Min



Now an encrypted mail can be sent to this particular contact with any error.

Thanks for reading.

We hope the steps in this article have helped you to install a S/MIME certificate in Outlook and use it to send signed and encrypted email messages.