S/MIME (Secure/Multipurpose Internet Mail Extensions) is a public key encryption and authentication standard used for sending email messages. When a S/MIME certificate is used to sign an email message, it guarantees the receiver of the mail that it was actually sent by you. It can also help you encrypt the message so that they are secured and not spied upon during the transit.
In this article, we will discuss the detailed steps that need to be followed to install this S/MIME certificate for encryption and signing so as to be able to send secure emails using Microsoft Outlook on Windows 11 / 10 PCs.
Steps to Install S/MIME Certificate with Outlook
Step 1: Get your Encryption and Signing certificate
1. Click on the Certificate Activation link received in your email to download the PKCS#12 file containing your certificate from the SSL vendor’s account.
2. Once you log in to your account, you have to click on Generate Certificate.
3. After the certificate is generated, enter a password before you download the certificate. Create a password and click on the Download button and save this file on your PC.
Note: Remember this password as it will be needed during installation or when you want to import the certificate and private key from this file. Also, keep track of the location where this file has been saved so that you don’t lose it.
Step 2: Install Certificate in Outlook
1. Launch MS Outlook on your PC.
2. Click on the File menu.
3. Choose Options in the left pane.
4. Select the Trust Center tab in the Outlook Options window,
5. Click on the Trust Center Settings… button in the right pane.
6. Once you are in the Trust Center window, select the Email Security tab on the left side.
7. On the right, in the Digital IDs (Certificates) section select the Import/Export… button.
8. In the Import/Export Digital ID window that appears, select the option Import existing Digital ID from a file.
9. Now click on the Browse… button to select the file to be imported.
10. Go to the location where the file is saved. Select it and click on Open.
Note: This file will have a .p12 extension.
11. Once the file path is added in Import File, type the file password which was to download this file in the text box next to Password.
12. Click on OK.
13. A security dialog pops up indicating that you are importing a new private exchange key. Click on OK again.
14. Now you will be back in the Trust Center with the Email Security tab selected. In the Encrypted Email section, click on the Settings… button.
15. Enter a security settings name in the textbox below Security Settings Name.
16. Click on the Choose… button associated with Signing Certificate.
17. If there is only one certificate installed, then click on OK to confirm the certificate. Else, click on More choices and choose one certificate from the list of certificates installed and click on OK.
18. Use the drop-down next to the Hash Algorithm and select SHA256.
19. Click on Choose… to select the Encryption Certificate.
20. In the Confirm Certificate dialog, click on OK. It is the same as in Step 17.
21. Click on OK to exit the Change Security Settings window.
22. In the Trust Center, check the boxes next to the required options for S/MIME encrypted email in the Encrypted email section. Click on OK.
Now the S/MIME certificate has been successfully installed and can be put to use.
Step 3: Create a Secure Message in Outlook
1. Click on New Email in Outlook to open a new email message.
2. Click on the Options menu.
3. In the Encrypt section, you can change between encryption and digital signature settings.
4. To send a signed message, click on Sign before sending the email.
4. Once you send the email message, click on Allow button in the dialog so as to allow the Outlook app to use the private key.
5. While sending an encrypted email if the recipient’s public key is not with you, an error message is displayed. You can opt to send an unencrypted message by clicking on Send Unencrypted.
This problem can be fixed by asking the recipient to send a signed email. Then add them to your contact list in Outlook. Follow the steps below.
1. When you receive a signed mail from your recipient, there will be a small red ribbon icon in the message at the upper-right corner.
2. Click on the icon to check the certificate details.
3. Right-click on the sender’s name and choose the Add to Outlook Contacts option.
4. In the new contact page, add any other details if you want to and click on Save & Close. Now Outlook saved this contact with their public key.
Now an encrypted mail can be sent to this particular contact with any error.
Thanks for reading.
We hope the steps in this article have helped you to install a S/MIME certificate in Outlook and use it to send signed and encrypted email messages.
A software engineer turned into an educator with vast teaching experience in universities. Currently working towards my passion for writing.