Solution
If you have a Digital Certificate, you can use it to digitally sign and encrypt emails. When you are using Microsoft Outlook as your email client, you will need to first configure Outlook to use your certificate. This document assumes that you have Outlook 2003 configured as your email client.
- First you must have your Digital Certificate installed on your computer. Depending on the way that you receive your certificate, you may have to view another knowledge base article on how to install a Digital Certificate on your computer.
- Once you have your Digital Certificate installed, you should open Outlook.
- Once Outlook is opened, click on Tools at the top menu bar.
- Select Options at the bottom of the resulting menu.
- The Options window will appear. Click on the Security tab at the top.
- Upon clicking on the Security tab, you will see a drop down field next to Default Settings. Next to this field will be a Settings button. Click on this Settings button.
- The Change Security Settings window will appear. In this window, you will see two buttons towards the bottom that both say Choose.
Signing Certificate
First you will choose the signing certificate. This is the certificate that you will use to digitally sign emails that you send out. The email in the certificate that you have installed on your computer must match the email address that you are using to sign. This certificate must also be valid.
- In the Certificates and Algorithms section of the Change Security Settings window, you should see the Signing Certificate heading. Click on the Choose button directly to the right of this heading.
- The Select Certificate window will appear. In this window, you will choose the Digital Certificate you would like to sign with from a list of certificates installed on this computer.
Note: If you are unsure which certificate to choose, you can always highlight a certificate and click on the View Certificate button.
- When you have selected the Digital Certificate, click on the OK button at the bottom.
Change Security SettingsSigning Certificate
Encryption Certificate
Next you will choose the encryption certificate. This is the certificate that other users will use when attempting to encrypt an email to you. In typical use, you will use the same Digital Certificate for both signing and encryption (the exception is for Qualified certificates which require separate certificates for these actions). You can still decrypt an email with an expired certificate.
- In the Certificates and Algorithms section of the Change Security Settings window, you should see the Encryption Certificate heading. Click on the Choose button directly to the right of this heading.
- The Select Certificate window will appear. In this window, you will choose the Digital Certificate you would use for encryption of emails from a list of certificates installed on this computer.
Note: If you are unsure which certificate to choose, you can always highlight a certificate and click on the View Certificate button.
- When you have selected the certificate, click on the OK button at the bottom.
When you return to the Change Security Settings window, you should see that the certificate you have chosen has appeared greyed out in the Encryption Certificate field. When you have finished selecting your Digital Certificate, you can press OK.
Additional Configuration (Optional)
Back in the Options window, you can further configure Outlook 2003 with the workings of your Digital Certificate. Under the Encrypted e-mail heading, you should see 4 check boxes. These check boxes add various features when using Outlook 2003 and Digital Certificates.
- Encrypt contents and attachments for outgoing messages - This will try to encrypt every outgoing message. In order to encrypt to a user, you must have a copy of their public key/certificate in your address book.
- Add digital signature to outgoing messages - This will digitally sign every outgoing message using your Digital Certificate.
- Send clear text signed message when sending signed message - This sends a digitally signed message to a recipient who does not use S/MIME.
- Request S/MIME receipt for all S/MIME signed messages - This will request confirmation that a message was received unaltered. Outlook will automatically do this.