How do I digitally sign or encrypt an email message?



Microsoft® Outlook

These instructions assume that the certificate is already installed into Windows (Internet Explorer) on the same computer.

How do I install my digital certificate into Microsoft® Outlook to encrypt email or digitally sign emails?

If you have a Digital Certificate, you can use it to digitally sign and encrypt emails. When you are using Microsoft® Outlook as your email client, you first need to configure Outlook to use your certificate. This document assumes that you have Outlook 2010 or a newer version, as the certificate installation process differs slightly for Outlook 2003 and Outlook 2007.

  1. First you must have your Digital Certificate installed on your computer. Depending on the way that you receive your certificate, you may have to view another knowledge base article on how to install a Digital Certificate on your computer.
  2. Once you have your Digital Certificate installed, you should open Outlook.
  3. Once Outlook is opened, click on the orange File tab at the top left.
  4. On the left hand set of options, click on the Options button.
  5. A window entitled Outlook Options will appear. On the left-hand pane, click on the Trust Center button at the bottom of the list.
  6. The right side of the window will change. Click on the Trust Center Settings button on the bottom right hand side.
  7. A window named Trust Center will appear. On the left-hand side you will see selectable options. Click on the E-mail Security option in the left-hand pane.
  8. After you click on the E-mail Security option, the right-hand pane shows a drop-down field next to Default Setting. Click on the Settings button next to this field.
  9. A new window will appear named Change Security Settings. In this window, you will see two Choose buttons under the Certificates and Algorithms section:
    • Choose Signing Certificate - First you will choose the signing certificate. This is the certificate that you will use to digitally sign emails that you send out. The email in the certificate that you have installed on your computer must match the email address that you are using to sign. This certificate must also be valid.
      1. In the Certificates and Algorithms section of the Change Security Settings window, you should see the heading Signing Certificate. Click on the Choose button directly to the right of this heading.
      2. A new window will appear named, Select Certificate. In this window, you will choose the Digital Certificate you would like to sign with from a list of certificates installed on this computer. Note: If you are unsure which certificate to choose, you can always highlight a certificate and click on the View Certificate button to see the details for that certificate.
      3. When you have selected the Digital Certificate, click on the OK button at the bottom.
      4. When you return to the Change Security Settings window, you should see that the certificate you have chosen has appeared grayed out in the Signing Certificate field.
    • Choose Encryption Certificate - Next you will choose the encryption certificate. This is the certificate that other users will use when attempting to encrypt an email to you. In typical use, you will use the same Digital Certificate for both signing and encryption (the exception is for Secure Email certificates which are only able to digitally sign emails). You can still decrypt an email with an expired certificate.
      1. In the Certificates and Algorithms section of the Change Security Settings window, you should see the heading Encryption Certificate. Click on the Choose button directly to the right of this heading.
      2. A new window will appear named Select Certificate. In this window, you will choose the Digital Certificate you would use for encryption of emails from a list of certificates installed on this computer. Note: If you are unsure which certificate to choose, you can always highlight a certificate and click on the View Certificate button to see the details for that certificate.
      3. When you have selected the certificate, click on the OK button at the bottom.
      4. When you return to the Change Security Settings window, you should see that the certificate you have chosen has appeared greyed out in the Encryption Certificate field. When you have finished selecting your Digital Certificate, you can press the OK button at the bottom.
    • Additional Configuration (Optional) - Back in the Trust Center window, you can further configure Outlook 2010 with the way that it uses your Digital Certificate. Under the Encrypted e-mail heading, you should see 4 check boxes. These check boxes add various features when using Outlook 2010 and Digital Certificates.
      1. Encrypt contents and attachments for outgoing messages - This will try to encrypt every outgoing message. In order to encrypt to a user, you must have a copy of their public key/certificate in your address book.
      2. Add digital signature to outgoing messages - This will digitally sign every outgoing message using your Digital Certificate.
      3. Send clear text signed message when sending signed message - This sends a digitally signed message to a recipient who does not use S/MIME.
      4. Request S/MIME receipt for all S/MIME signed messages - This will request confirmation that a message was received unaltered. Outlook will automatically do this.
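
A read-only check for the "unsure which certificate to choose" case in step 9, as an added PowerShell example that is not IdenTrust's own: it lists the certificates in the current user's Windows store and shows, for each one, whether the e-mail address matches, whether it is currently valid, and whether its extensions allow signing or encryption. The address in `$Mailbox` is a constructed sample, and treating an absent key usage or extended key usage extension as unrestricted is an assumption based on the X.509 rules.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example (not IdenTrust code). $Mailbox is a constructed sample address.
$Mailbox        = 'alice@example.com'
$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # Secure Email (emailProtection) EKU
$now            = Get-Date

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # E-mail address in the certificate (subject alternative name or subject).
    $email = $cert.GetNameInfo([X509NameType]::EmailName, $false)

    # Extended key usage: if the extension is absent, no purpose restriction applies.
    $eku = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] } |
        Select-Object -First 1
    $emailPurpose = (-not $eku) -or
        (@($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $SecureEmailOid)

    # Key usage: signing needs digitalSignature or nonRepudiation; encrypting to
    # you needs keyEncipherment (RSA) or keyAgreement (EC). Absent = unrestricted.
    $ku = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] } |
        Select-Object -First 1
    if ($ku) {
        $flags      = $ku.KeyUsages
        $canSign    = $flags.HasFlag([X509KeyUsageFlags]::DigitalSignature) -or
                      $flags.HasFlag([X509KeyUsageFlags]::NonRepudiation)
        $canEncrypt = $flags.HasFlag([X509KeyUsageFlags]::KeyEncipherment) -or
                      $flags.HasFlag([X509KeyUsageFlags]::KeyAgreement)
    } else {
        $canSign = $canEncrypt = $true
    }

    [pscustomobject]@{
        Subject        = $cert.Subject
        Thumbprint     = $cert.Thumbprint
        Email          = $email
        MatchesMailbox = ($email -eq $Mailbox)   # -eq ignores case for strings
        # The signing certificate must be valid and match the sending address.
        ValidNow       = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
        HasPrivateKey  = $cert.HasPrivateKey
        CanSign        = $emailPurpose -and $canSign
        CanEncrypt     = $emailPurpose -and $canEncrypt
    }
} | Format-Table -AutoSize
```

A certificate that shows CanSign but not CanEncrypt is a signing-only certificate and should be chosen only under Signing Certificate.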

Digitally Signing and Encrypting E-Mail

Once you have followed this guide and selected a certificate for both the Signing Certificate: and the Encryption Certificate: headings, you will be able to use them while composing an e-mail.

  1. When you have an email open, click on the Options tab at the top of the email.
  2. In the Permission section, directly underneath the top tabs, you should see two buttons named Sign and Encrypt.
  3. Click on the Sign button to depress it to digitally sign this email.
  4. Click on the Encrypt button to depress it to encrypt this email. Note: You must have the recipient's public key in order to encrypt an email.
  5. Click on both buttons, Sign and Encrypt, to digitally sign and encrypt the message.
  6. After you have finished typing the new email, or the reply/forward, press the Send button.




Microsoft® Outlook for Mac

How do I install my digital certificate into Microsoft® Outlook for Mac to encrypt email or digitally sign emails?

  1. Make sure that you have imported your certificate into the Mac OS X keychain.
  2. Open Outlook.
  3. In Outlook, select the Tools menu, and then choose Accounts.
  4. Highlight your mail account and click the Advanced button.
  5. Click the Security tab.
  6. In the Digital Signing area, click the pop-up menu option. Note: The Certificate pop-up menu only displays certificates that are valid for digital signing or encryption that you have already added to the keychain for your Mac OS X user account.
  7. Select your Digital Signing certificate from the list. This typically displays as your first name and last name.
  8. Click Choose.
  9. Select Signing Algorithm SHA-1.
  10. Once you have selected your certificates, set the following options:
    • Select Sign outgoing messages.
    • Select Send digitally signed messages as clear text. This ensures that recipients can read your signed messages. It is especially important if your recipient is using a Web-based or mobile mail client.
    • Select Include my certificates in signed messages. This option includes your public encryption key so that someone else can use it to send you encrypted messages.
  11. In the Encryption area, click the pop-up menu option.
  12. Select your Encryption certificate from the list. This typically displays as your first name and last name.
  13. Select Encryption Algorithm 3DES.
  14. In the Encryption area, we recommend that you do not select the option to Encrypt outgoing messages and attachments by default. ITS recommends that you manually choose encryption for individual messages rather than setting it by default.
  15. Click OK to close the Edit Accounts dialog box and then close the Accounts window.
  16. Send an email to yourself as a test. Based on the options you selected, when you compose new messages, Outlook shows a lock and one of three options:
    • This message will be Digitally Signed
    • This message will be Encrypted
    • This message will be Digitally Signed and Encrypted
  17. To change the options on a message-by-message basis, when you are composing a new message, click the Options tab, click Security, and then click Encrypt Message, Digitally Sign Message, or both.




Mozilla® Thunderbird

How do I install my digital certificate into Mozilla Thunderbird to encrypt email or digitally sign emails?

Thunderbird has its own certificate store that is independent of the certificate stores in Windows or other Mozilla products.

Please note that you will need to have backed up your certificate to a file beforehand. If you need assistance with that process, please visit our 'Backup/Export a certificate' page.

  1. Within Thunderbird, click on 'Menu', and then hover over the 'Options' or 'Preferences' section.
  2. Click on the 'Account Settings' section, then the 'Security' tab.
  3. Click the 'View Certificates' button, and then click on the 'Import' button.
  4. Locate the backup file for your certificate, and click 'Open'.
  5. Enter the certificate backup password when asked, and click 'OK'. This is the password you chose when exporting/backing up the certificate.
  6. Click 'OK' to close the "Certificate Manager" screen, and 'OK' again to close the "Options" window.

Configure Thunderbird with a default certificate

  1. Within Thunderbird, click on 'Menu', then hover over the 'Options' or 'Preferences' section.
  2. Under your email account heading (you may need to expand it), click on 'Security'.
  3. Next to the box for "Use this certificate to digitally sign messages you send:" click 'Select'.
  4. Choose the correct digital certificate to use.
    • Note that the email address in your email account should match the address in the certificate.
  5. Next to the box for "Use this certificate to encrypt & decrypt messages sent to you:", click 'Select'.
  6. Choose the correct digital certificate to use. (same note as above)
  7. Click 'OK' to finish and save these settings.

(Optional) Configure Thunderbird to sign and/or encrypt every message

If you would like Thunderbird to digitally sign and/or encrypt every email message sent, follow these steps. Please note that this is not necessary, as you can choose to sign and/or encrypt each message individually.

  1. Within Thunderbird, click on 'Menu', then hover over the 'Options' or 'Preferences' section.
  2. Under your email account heading (you may need to expand it), click on 'Security'.
  3. If you want to digitally sign all email messages, under "Digital Signing", place a check in the box titled 'Digitally sign messages (by default)'.
  4. If you want to digitally encrypt all email messages, under 'Encryption', make sure the option 'Required' has been selected.
    • Note: to encrypt an email, you must have a copy of the recipient's digital certificate (but not private key).
  5. Click 'OK' to finish and save these settings.

Choose to sign and/or encrypt individual emails

  1. Within Thunderbird, click on 'Menu', then hover over the 'Options' or 'Preferences' section.
  2. If you want to digitally sign this message, select 'Digitally Sign This Message'.
  3. If you want to encrypt this message, select 'Encrypt This Message'.
    • Note: to encrypt an email, you must have a copy of the recipient's digital certificate (but not private key)



Lotus Notes®

How do I digitally sign or encrypt an email message on Lotus Notes®?

These instructions assume that you already have installed a TrustID Secure Email Certificate on a Windows computer using Internet Explorer and that you want to use that certificate with Lotus Notes on the same computer.

There are four general steps:

  1. Export the certificate from the browser.
  2. Import the certificate to your Notes ID file.
  3. Configure the certificate for Internet mail from Notes.
  4. Use the certificate as you send and receive email from Notes.
The first three steps only have to be done once.

  1. Export the certificate from the browser:
    Please note that you will need to have backed up your certificate to a file beforehand. If you need assistance with that process, please visit our 'Backup/Export a certificate' page.
  2. Import the certificate to your Notes ID file:
    1. In Notes, choose File - Tools - User ID.
    2. Enter your password when requested and click OK.
    3. Go to the More Options panel of the User ID dialog box.
    4. Click the Import Internet Certificates button.
    5. In the Specify File Containing the Internet Certificates dialog box, browse to the file you exported on step, select it, and click Open.
    6. You will be asked for the password to the file. This is the password you chose when exporting the certificate.
    7. You will see a list of several certificates that are contained in the exported digital ID file. Click Accept All.
  3. Configure the certificate for Internet mail from Notes:
    1. Choose File - Tools - User ID.
    2. Go to the Certificates panel of the User ID dialog box.
    3. Scroll down in the Certificates Issued By list until you see the new certificates you just imported.
    4. Select your public key certificate (not the certificate authority certificates). When you select the right certificate, your e-mail address will appear in the Certificates Issued To list.
    5. Make sure that the "This is your default signing certificate" checkbox is selected.
    6. Click OK.
  4. Use the certificate as you send and receive email from Notes:
    1. When composing an e-mail message, click the Delivery Options action button to open the Delivery Options dialog box.
    2. On the Basics tab, select Sign (to authenticate the message) or Encrypt (to make the message secret), or both.
    3. Click OK.
    4. Keep in mind that to send an encrypted e-mail to someone who is not using Notes Mail, you must have that person's public key certificate in your Domino Directory. The certificate, if present, is visible on the Certificates tab of the recipient's Person document under Internet Certificates.



Apple Mail®

How do I digitally sign or encrypt an email message on Apple® Mail?

These instructions assume that you already have installed a TrustID Secure Email Certificate on a Windows computer using Internet Explorer and that you want to use that certificate with Apple Mail.

There are three general steps:

  1. Export the certificate from the browser.
  2. Install in OS X
  3. Using your TrustID Secure Email with Apple Mail

  1. Export the certificate from the browser:
    Please note that you will need to have backed up your certificate to a file beforehand. If you need assistance with that process, please visit our 'Backup/Export a certificate' page.

  2. Install the certificate in OS X:
    1. Double-click the file downloaded in the Certificate Manager directory.
    2. OS X Keychain Access will prompt you for the certificate passphrase.
    Note: If this is a token-based certificate, you will simply install SafeNet® 9; this will automatically make the certificate accessible across your Mac.

    The TrustID Secure Email Certificate will be installed on your Mac and will appear in the "My Certificates" section of Keychain Access. The TrustID Secure Email Certificate is now available for Apple Mail, Outlook, and other applications that can use client certificates.

  3. Using your certificate with Apple Mail
    Enabling digital signing and encryption
    If you have just installed your TrustID Secure Email Certificate on your Mac, close Mail and then restart it. Begin composing an email message. A "Signed" icon, containing a checkmark, should be in the lower right of the message header to indicate that the message will be signed. If the "Signed" icon does not appear, select Customize in the lower left of the message header and add the "Lock" and "Signed" icons.

    Signing email
    To send a signed message, verify that the "Signed" icon has a checkmark in it, and not an "x". If the "Signed" icon shows an "x", your message will not be signed. You may not want to sign messages to mailing lists, because S/MIME digital signatures are attachments, which some lists do not accept.

    Encrypting email
    If you have the public certificate for the user or users to whom the message is addressed, you will be able to encrypt the email message. In the lower right of the message header, click the open lock icon to lock it; when the icon is locked, your email message will be encrypted.



Article number: G2512
Last Modified: December 14, 2016



© IdenTrust, Inc. All Rights Reserved.