IdenTrust Inc. Logo
Home | Login | Contact Us  

SUPPORT GENERAL ACES ECA TRUSTID SSL
HOW-TO

Support > HOW-TO > Question Back


How do I digitally sign or encrypt an email message?



Outlook 2010, 2013 and 2016

These instructions assume that the certificate is already installed into Windows (Internet Explorer) on the same computer.

How do I install my digital certificate into Outlook 2010, 2013 or 2016 to encrypt email or digitally sign emails?

If you have a Digital Certificate, you can use it to digitally sign and encrypt emails. When you are using Microsoft Outlook as your email client, you will need to first configure Outlook to use your certificate. This document assumes that you have Outlook 2010 configured as your email client (Note: the certificate installation process differs slightly for Outlook 2003 and Outlook 2007).

  1. First you must have your Digital Certificate installed on your computer. Depending on the way that you receive your certificate, you may have to view another knowledge base article on how to install a Digital Certificate on your computer.
  2. Once you have your Digital Certificate installed, you should open Outlook.
  3. Once Outlook is opened, click on the orange File tab at the top left.
  4. On the left hand set of options, click on the Options button.
  5. A window entitled Outlook Options will appear. On the left-hand pane, click on the Trust Center button at the bottom of the list.
  6. The right side of the window will change. Click on the Trust Center Settings button on the bottom right hand side.
  7. A window named, Trust Center will appear. On the left hand side you shall see selectable options. Click on the E-mail Security option on the left hand pane.
  8. Upon clicking on the E-mail Security button, in the right hand pane, you will see a drop down field next to Default Setting: Click on the Settings button next to this field.
  9. A new window will appear named Change Security Settings. In this window, you will see two Choose buttons under the Certificates and Algorithms section.

Signing Certificate

First you will choose the signing certificate. This is the certificate that you will use to digitally sign emails that you send out. The email in the certificate that you have installed on your computer must match the email address that you are using to sign. This certificate must also be valid.

  1. In the Certificates and Algorithms section of the Change Security Settings window, you should see the heading, Signing Certificate: Click on the Choose button directly to the right of this heading.
  2. A new window will appear named, Select Certificate. In this window, you will choose the Digital Certificate you would like to sign with from a list of certificates installed on this computer. Note: If you are unsure which certificate to choose, you can always highlight a certificate and click on the View Certificate button to see the details for that certificate.
  3. When you have selected the Digital Certificate, click on the OK button at the bottom.
When you return to the Change Security Settings window, you should see that the certificate you have chosen has appeared grayed out in the Signing Certificate field.

Encryption Certificate

Next you will choose the encryption certificate. This is the certificate that other users will use when attempting to encrypt an email to you. In typical use, you will use the same Digital Certificate for both signing and encryption (the exception is for Qualified certificates which are only able to digitally sign emails). You can still decrypt an email with an expired certificate.

  1. In the Certificates and Algorithms section of the Change Security Settings window, you should see the heading, Encryption Certificate:. Click on the Choose button directly right of this heading.
  2. A new window will appear named Select Certificate. In this window, you will choose the Digital Certificate you would use for encryption of emails from a list of certificates installed on this computer. Note: If you are unsure which certificate to choose, you can always highlight a certificate and click on the View Certificate button to see the details for that certificate.
  3. When you have selected the certificate, click on the OK button at the bottom.
When you return to the Change Security Settings window, you should see that the certificate you have chosen has appeared greyed out in the Encryption Certificate field. When you have finished selecting your Digital Certificate, you can press the OK button at the bottom.

Additional Configuration (Optional)

Back in the Trust Center window, you can further configure Outlook 2010 with the way that it uses your Digital Certificate. Under the Encrypted e-mail heading, you should see 4 check boxes. These check boxes add various features when using Outlook 2010 and Digital Certificates.

  1. Encrypt contents and attachments for outgoing messages - This will try to encrypt every outgoing message. In order to encrypt to a user, you must have a copy of their public key/certificate in your address book.
  2. Add digital signature to outgoing messages - This will digitally sign every outgoing message using your Digital Certificate.
  3. Send clear text signed message when sending signed message - This sends a digitally signed message to a recipient who does not use S/MIME.
  4. Request S/MIME receipt for all S/MIME signed messages - This will request confirmation that a message was received unaltered. Outlook will automatically do this.

Digitally Signing and Encrypting E-Mail

Once you have followed this guide and selected a certificate for both the Signing Certificate: and the Encryption Certificate: headings, you will be able to use them while composing an e-mail.

  1. When you have an email open, click on the Options tab at the top of the email.
  2. In the Permission section, directly underneath the top tabs, you should see two buttons named Sign and Encrypt.
  3. Click on the Sign button to depress it to digitally sign this email.
  4. Click on the Encrypt button to depress it to encrypt this email. Note: You must have the recipient's public key in order to encrypt an email.
  5. Click on both buttons, Sign and Encrypt to digitally sign and encrypt the message.
  6. After you have finished typing the new email, or the reply/forward, press the Send button.




Back to top

Outlook 2011

  • Operating System: Mac OS X
  • Application: Outlook 2011

How do I install my digital certificate into Outlook 2011 for MAC to encrypt email or digitally sign emails?

  1. Make sure that you have imported your certificate into the Mac OS X keychain.
  2. Open Outlook 2011.
  3. In Outlook 2011, select the Tools menu, and then choose Accounts.
  4. Highlight your mail account and click the Advance button.
  5. Click the Security tab.
  6. In the Digital Signing area, click the pop-up menu option.
    Note: The Certificate pop-up menu only displays certificates that are valid for digital signing or encryption that you have already added to the keychain for your Mac OS X user account.
  7. Select your Digital Signing certificate from the list. This typically displays as your first name and last name.
  8. Click Choose.
  9. Select Signing Algorithm SHA-1.
  10. Once you have selected your certificates, set the following options:
    • Select Sign outgoing messages.
    • Select Send digitally signed messages as clear text. This ensures that recipients can read your signed messages. It is especially important if your recipient is using a Web-based or mobile mail client.
    • Select Include my certificates in signed messages. This option includes your public encryption key so that someone else can use it to send you encrypted messages.
  11. In the Encryption area, click the pop-up menu option.
  12. Select your Encryption certificate from the list. This typically displays as your first name and last name.
  13. Select Encryption Algorithm 3DES.
  14. In the Encryption area, we recommend that you do not select the option to Encrypt outgoing messages and attachments by default. ITS recommends that you manually choose encryption for individual messages rather than setting it by default.
  15. Click OK to close the Edit Accounts dialog box and then close the Accounts window.
  16. Send an email to yourself as a test. Based on the options you selected, when you compose new messages, Outlook 2011 shows a lock and one of three options:
    • This message will be Digitally Signed
    • This message will be Encrypted
    • This message will be Digitally Signed and Encrypted
  17. To change the options on a message-by-message basis, when you are composing a new message, click Options tab, click Security, and then click Encrypt Message, Digitally Sign Message, or both select both.



Mozilla Thunderbird

How do I install my digital certificate into Mozilla Thunderbird to encrypt email or digitally sign emails?

Thunderbird has its own certificate storage mechanism that is independent of certificate storages in Windows or other Mozilla products.

Please note that you will need to have backed up your certificate to a file beforehand. If you need assistance with that process, please visit our 'Backup/Export a certificate' page.

  1. Within Thunderbird, click on 'Menu', then hover over the 'Options' or 'Preferences' section.
  2. Click on the 'Account Settings' section, then the 'Security' tab.
  3. Click the 'View Certificates' button, then click on the 'Import' button.
  4. Locate the backup file for your certificate, and click 'Open'.
  5. You will be asked to enter the certificate backup password, and click 'OK'. This is the password you chose when exporting/ backing-up the certificate.
  6. Click 'OK' to close the "Certificate Manager" screen, and 'OK' again to close the "Options" window.

Configure Thunderbird with a default certificate

  1. Within Thunderbird, click on 'Menu', then hover over the 'Options' or 'Preferences' section.
  2. Under your email account heading (you may need to expand it), click on 'Security'.
  3. Next to the box for "Use this certificate to digitally sign messages you send:" click 'Select'.
  4. Choose the correct digital certificate to use.
    • Note that the email address in your email account should match the address in the certificate.
  5. Next to the box for "Use this certificate to encrypt & decrypt messages sent to you:", click 'Select'.
  6. Choose the correct digital certificate to use. (same note as above)
  7. Click 'OK' to finish and save these settings.

(Optional) Configure Thunderbird to sign and/ or encrypt every message

If you would like Thunderbird to digitally sign and/ or encrypt every email message sent, follow these steps. Please note that this is not necessary to do, as you can choose to sign and/ or encrypt each message individually.

  1. Within Thunderbird, click on 'Menu', then hover over the 'Options' or 'Preferences' section.
  2. Under your email account heading (you may need to expand it), click on 'Security'.
  3. If you want to digitally sign all email messages, under "Digital Signing", place a check in the box titled 'Digitally sign messages (by default)'.
  4. If you want to digitally encrypt all email messages, under 'Encryption', make sure the option 'Required' has been selected.
    • Note: to encrypt an email, you must have a copy of the recipient's digital certificate (but not private key).
  5. Click 'OK' to finish and save these settings.

Choose to sign and/ or encrypt individual emails

  1. Within Thunderbird, click on 'Menu', then hover over the 'Options' or 'Preferences' section.
  2. If you want to digitally sign this message, select 'Digitally Sign This Message'.
  3. If you want to encrypt this message, select 'Encrypt This Message'.
    • Note: to encrypt an email, you must have a copy of the recipient's digital certificate (but not private key)
Back to top

Article number: G2512
Last Modified: August 16, 2016






COMMON LINKS
Certificate Management Center
FAQ: Before You Buy
HOW-TO: Backup a Certificate
HOW-TO: Replace a Certificate
FAQ: General
FAQ: ACES
FAQ: ECA
FAQ: IGC
Support Main
 
IdenTrust, Inc. BBB Business Review WebTrust WebTrust Baseline EHNAC EHNAC GSA Schedule SOC We self-certify compliance with

© IdenTrust, Inc. All Rights Reserved.    Home | Contact Us | Legal Policies Follow us: Follow IdenTrust on Twitter