Secure/Multipurpose Internet Mail Extensions (S/MIME) is an internet standard that allows the sender of an email to protect the confidentiality of the message by encrypting its content with the public key contained in the recipient's S/MIME certificate.
Outlook on the recipient's computer can then decrypt the message with the private key installed on their device. S/MIME is supported natively by Microsoft Windows and Outlook, enabling end-to-end encryption and sender authentication through digital signatures.
This article provides a detailed guide to installing an S/MIME certificate and setting it up in Microsoft Outlook, ensuring that your email communications are secure and authenticated.
Guide to Setting Up S/MIME in Microsoft OutlookYou can purchase an S/MIME certificate from a Certificate Authority (CA) or retailer, or also obtain one free of charge from Actalis, an Italian CA.
Certificate Authorities provide S/MIME certificate bundles either as a PKCS #12 file (.p12 or .pfx) if they generated the certificate for you, or as a PKCS #7 (.p7b) file if you created the private key on your own computer and submitted a Certificate Signing Request (CSR) to the CA.
A more efficient solution is to set up EVERTRUST Horizon to automatically enroll and deploy the S/MIME certificates to all your users. This can be done using platforms such as Microsoft Intune or Gmail CSE.
Note: The instructions provided here were tested with Microsoft Outlook on Windows 10 in March 2021.
Steps for Installation:
Download and unzip the certificate bundle if needed
Launch Outlook and select File > Options from the main menu
Select Trust Center > Trust Center Settings
Select Email Security and click the Import/Export button to import the S/MIME certificate
Browse to the S/MIME certificate file location on your computer
Locate the Security Profile (i.e., S/MIME certificate) to import into Outlook
Enter the password associated with the S/MIME certificate (also known as Digital ID or Security Profile)
Note: If you obtained the certificate as a .p12 or .pfx file from a certificate authority, they must have also given you the password
Unless you need enhanced security, leave the security level set to Medium and click OK on the pop-up dialog box
Allow protected access to your S/MIME certificate's private key
We will now set up Outlook to digitally sign outgoing mail with the new S/MIME identity. This will allow our email contacts with S/MIME-compatible email software to:
Authenticate the messages we send.
Automatically import our public key so they can use it in the future to send us encrypted emails.
Steps for Activation:
Click the Settings button under Encrypted email
Name your security settings and make sure Cryptography format is set to S/MIME
Check Default Security Settings for this cryptographic format
Check Security Settings for all cryptographic messages
Signing Certificate
Click Choose… to browse to the S/MIME certificate file and click OK to confirm.
Encryption Certificate
Click Choose… to browse to the S/MIME certificate file and confirm.
Finally, check Send these certificates with signed messages.
Go back to the Email Security tab and set the default options for S/MIME email as below:
Check Encrypt contents and attachments for outgoing messages.
Check Add digital signature to outgoing messages.
You should now be able to send emails digitally signed with your S/MIME identity and receive encrypted emails. Outlook should automatically import the S/MIME public key of anyone who sends you a signed email, so you should also be able to send encrypted messages to anyone who has sent you a signed message before.
Setting up S/MIME in Microsoft Outlook is a detailed but essential process to ensure the security and confidentiality of your emails. By following these steps, you protect your communications through encryption and digital authentication, enhancing security and preventing unauthorized access and phishing attacks.
Our advanced digital trust solutions seamlessly integrate with existing ecosystems, prioritizing simplicity, efficiency, and minimal disruption. EverTrust manages digital certificates to prevent service interruptions, ensuring data protection and regulatory compliance. Our products Stream and Horizon support key features like holding your own keys, certificate issuance and revocation, and eIDAS compliance.
Deployed on-premises or in the cloud, they streamline integration and manage the entire certificate lifecycle across various devices, keeping your communications secure and reliable.
EVERTRUST is a European company that provides a complete solution to manage your certificates. We are a team of experts in security and cryptography.
EVERTRUST
Products