Education Center

Guide to Setting Up S/MIME in Microsoft Outlook in 6 steps

Author avatar

Fabiola Vega Padilla

International Marketing Specialist

Cover image

Secure/Multipurpose Internet Mail Extensions (S/MIME) is an internet standard that allows the sender of an email to protect the confidentiality of the message by encrypting its content with the public key contained in the recipient's S/MIME certificate.

Outlook on the recipient's computer can then decrypt the message with the private key installed on their device. S/MIME is supported natively by Microsoft Windows and Outlook, enabling end-to-end encryption and sender authentication through digital signatures.  

This article provides a detailed guide to installing an S/MIME certificate and setting it up in Microsoft Outlook, ensuring that your email communications are secure and authenticated.  

Guide to Setting Up S/MIME in Microsoft Outlook Guide to Setting Up S/MIME in Microsoft Outlook

1. Getting an S/MIME Certificate 

You can purchase an S/MIME certificate from a Certificate Authority (CA) or retailer, or also obtain one free of charge from Actalis, an Italian CA.

Certificate Authorities provide S/MIME certificate bundles either as a PKCS #12 file (.p12 or .pfx) if they generated the certificate for you, or as a PKCS #7 (.p7b) file if you created the private key on your own computer and submitted a Certificate Signing Request (CSR) to the CA. 

A more efficient solution is to set up EVERTRUST Horizon to automatically enroll and deploy the S/MIME certificates to all your users. This can be done using platforms such as Microsoft Intune or Gmail CSE.

2. Installing the S/MIME Certificate in Outlook 

Note: The instructions provided here were tested with Microsoft Outlook on Windows 10 in March 2021. 

Steps for Installation:  

  1. Download and unzip the certificate bundle if needed  

  2. Launch Outlook and select File > Options from the main menu 

  3. Select Trust Center > Trust Center Settings 

  4. Select Email Security and click the Import/Export button to import the S/MIME certificate  

  5. Browse to the S/MIME certificate file location on your computer 

  6. Locate the Security Profile (i.e., S/MIME certificate) to import into Outlook  

  7. Enter the password associated with the S/MIME certificate (also known as Digital ID or Security Profile)  

 Note: If you obtained the certificate as a .p12 or .pfx file from a certificate authority, they must have also given you the password  

  1. Unless you need enhanced security, leave the security level set to Medium and click OK on the pop-up dialog box 

  2. Allow protected access to your S/MIME certificate's private key 

3. Turning On S/MIME Signing and Encryption 

We will now set up Outlook to digitally sign outgoing mail with the new S/MIME identity. This will allow our email contacts with S/MIME-compatible email software to: 

  • Authenticate the messages we send. 

  • Automatically import our public key so they can use it in the future to send us encrypted emails. 

Steps for Activation: 

  1. Click the Settings button under Encrypted email 

  2. Name your security settings and make sure Cryptography format is set to S/MIME  

  3. Check Default Security Settings for this cryptographic format  

  4. Check Security Settings for all cryptographic messages 

Signing Certificate 

  1. Click Choose… to browse to the S/MIME certificate file and click OK to confirm. 

Encryption Certificate 

  1. Click Choose… to browse to the S/MIME certificate file and confirm. 

  2. Finally, check Send these certificates with signed messages. 

4. Encrypted Email Settings 

Go back to the Email Security tab and set the default options for S/MIME email as below: 

  • Check Encrypt contents and attachments for outgoing messages. 

  • Check Add digital signature to outgoing messages. 

 You should now be able to send emails digitally signed with your S/MIME identity and receive encrypted emails. Outlook should automatically import the S/MIME public key of anyone who sends you a signed email, so you should also be able to send encrypted messages to anyone who has sent you a signed message before.  

Setting up S/MIME in Microsoft Outlook is a detailed but essential process to ensure the security and confidentiality of your emails. By following these steps, you protect your communications through encryption and digital authentication, enhancing security and preventing unauthorized access and phishing attacks.  

Our advanced digital trust solutions seamlessly integrate with existing ecosystems, prioritizing simplicity, efficiency, and minimal disruption. EverTrust manages digital certificates to prevent service interruptions, ensuring data protection and regulatory compliance. Our products Stream and Horizon support key features like holding your own keys, certificate issuance and revocation, and eIDAS compliance.

Deployed on-premises or in the cloud, they streamline integration and manage the entire certificate lifecycle across various devices, keeping your communications secure and reliable. 

Recommended articles


EVERTRUST is a European company that provides a complete solution to manage your certificates. We are a team of experts in security and cryptography.



Use cases


EVERTRUST© 2024 - All rights reserved. Privacy policy Terms & Mentions