Introduction

If you have a Digital Certificate, you can use it to digitally sign and encrypt emails.  When you are using Microsoft Outlook as your email client, you will need to first configure Outlook to use your certificate.  This document assumes that you have Outlook 2010 configured as your email client (Note: the certificate installation process differs slightly for Outlook 2003 and Outlook 2007).

  1. First you must have your Digital Certificate installed on your computer and have your computer CAC Enabled.
  2. Once you have your Digital Certificate installed, you should open Outlook.
  3. Once Outlook is opened, click on the orange File tab at the top left.
  4. On the left hand set of options, click on the Options button.
  5. A window entitled Outlook Options will appear.  On the left-hand pane, click on the Trust Center button at the bottom of the list.
  6. The right side of the window will change.  Click on the Trust Center Settings button on the bottom right hand side.
  7. A window named, Trust Center will appear.  On the left hand side you shall see selectable options.  Click on the E-mail Security option on the left hand pane.
  8. Upon clicking on the E-mail Security button, in the right hand pane, you will see a drop down field next to Default Setting:Click on the Settings button next to this field.
  9. A new window will appear named Change Security Settings.  In this window, you will see two Choose buttons under the Certificates and Algorithms section.

Signing Certificate

First you will choose the signing certificate. This is the certificate that you will use to digitally sign emails that you send out. The email in the certificate that you have installed on your computer must match the email address that you are using to sign.  This certificate must also be valid.

  1. In the Certificates and Algorithms section of the Change Security Settings window, you should see the heading, Signing Certificate:. Click on the Choose button directly to the right of this heading.
  2. A new window will appear named, Select Certificate.  In this window, you will choose the Digital Certificate you would like to sign with from a list of certificates installed on this computer. Note: If you are unsure which certificate to choose, you can always highlight a certificate and click on the View Certificate button to see the details for that certificate.
  3. When you have selected the Digital Certificate, click on the OK button at the bottom.

When you return to the Change Security Settings window, you should see that the certificate you have chosen has appeared greyed out in the Signing Certificate field.

Encryption Certificate

Next you will choose the encryption certificate.  This is the certificate that other users will use when attempting to encrypt an email to you.  In typical use, you will use the same Digital Certificate for both signing and encryption (the exception is for Qualified certificates which are only able to digitally sign emails).  You can still decrypt an email with an expired certificate.

  1. In the Certificates and Algorithms section of the Change Security Settings window, you should see the heading, Encryption Certificate:. Click on the Choose button directly right of this heading.
  2. A new window will appear named Select Certificate.  In this window, you will choose the Digital Certificate you would use for encryption of emails from a list of certificates installed on this computer.  Note: If you are unsure which certificate to choose, you can always highlight a certificate and click on the View Certificate button to see the details for that certificate.
  3. When you have selected the certificate, click on the OK button at the bottom.

When you return to the Change Security Settings window, you should see that the certificate you have chosen has appeared greyed out in the Encryption Certificate field.  When you have finished selecting your Digital Certificate, you can press the OK button at the bottom.

Additional Configuration (Optional)

Back in the Trust Center window, you can further configure Outlook 2010 with the way that it uses your Digital Certificate.  Under the Encrypted e-mail heading, you should see 4 check boxes.  These check boxes add various features when using Outlook 2010 and Digital Certificates.

  • Encrypt contents and attachments for outgoing messages - This will try to encrypt every outgoing message.  In order to encrypt to a user, you must have a copy of their public key/certificate in your address book.   
  • Add digital signature to outgoing messages - This will digitally sign every outgoing message using your Digital Certificate.   
  • Send clear text signed message when sending signed message - This sends a digitally signed message to a recipient who does not use S/MIME.   
  • Request S/MIME receipt for all S/MIME signed messages - This will request confirmation that a message was received unaltered.  Outlook will automatically do this.

Digitally Signing and Encrypting E-Mail

Once you have followed this guide and selected a certificate for both the Signing Certificate: and the Encryption Certificate: headings, you will be able to use them while composing an e-mail.

  1. When you have an email open, click on the Options tab at the top of the email.
  2. In the Permission section, directly underneath the top tabs, you should see two buttons named Sign and Encrypt.
  3. Click on the Sign button to depress it to digitally sign this email.
  4. Click on the Encrypt button to depress it to encrypt this email. Note: You must have the recipients public key in order to encrypt an email.
  5. Click on both buttons, Sign and Encrypt to digitally sign and encrypt the message.
  6. After you have finished typing the new email, or the reply/forward, press the Send button.


Published

22 June 2012

Tags