Installing an S/MIME Certificate and Sending Secure Email with Outlook on Windows 10

How to Install an S/MIME Certificate and Send Secure Email with Outlook on Windows 10

 

Time needed: 30 minutes

These instructions detail how to install an S/MIME certificate and send secure email messages with Microsoft Outlook on Windows PCs. Testing was done in Outlook version 1902 on Windows 10 Enterprise, but Outlook has natively supported S/MIME for many years. Please check with Microsoft’s Outlook Support about any issues or specific instructions concerning earlier versions of Outlook and/or Windows.

SSL.com’s S/MIME certificates offer a safe, affordable way to secure your email.
ORDER NOW

  1. Download your certificate.

    Download a PKCS#12 file with your certificate from your SSL.com account by clicking the link supplied in your Certificate Activation Link email and following the on-screen instructions in your web browser. You will be prompted to create a password before downloading the file. (Keep this password secure – you will need it later.) Make sure to keep track of where you saved your PKCS#12 file, and do not lose it. If you lose your private key, you will be unable to read messages encrypted with your public key.

    Note: when downloading your certificate it is possible to choose between the RSA and ECDSA algorithms via the Algorithm drop-down menu. However, ECDSA keys cannot be used for email encryption, so it’s best to leave this set to RSA.

  2. Open Outlook Options.

    In Outlook, select File from the main menu, then click Options.
    Options

  3. Open Trust Center.

    Select Trust Center at the bottom of the menu on the left side of the Outlook Options window.
    Click Trust Center

  4. Open Trust Center Settings.

    Click the Trust Center Settings button.
    Click Trust Center Settings

  5. Select Email Security.

    Select Email Security from the left-hand menu of the Trust Center window.Select Email Security

  6. Click Import/Export.

    Click the Import/Export button, under Digital IDs (Certificates).
    Click Import / Export

  7. Browse for file.

    Make sure Import existing Digital ID from a file is checked, then click Browse…
    Browse for file

  8. Open file.

    Navigate to the PKCS#12 file, then click Open. The filename extension should be .p12.
    Navigate to file

  9. Enter PKCS#12 password.

    Enter the password you used when downloading the PKCS#12 file, then click OK.
    Enter password

  10. Click OK.

    Click OK on the security dialog box that pops up.
    Click OK

  11. Open encrypted email settings.

    Click the Settings button, under Encrypted email.
    Click Settings

  12. Name security settings.

    Enter a name for your security settings.
    Enter security settings name

  13. Choose signing certificate.

    Click Choose, next to Signing Certificate.
    Click Choose

  14. Confirm or select certificate.

    If you have only installed one certificate (as shown here), you can click OK on the Confirm Certificate dialog box that pops up. Otherwise, you will have to choose one from a list of installed certificates.
    Confirm Certificate

  15. Set hash algorithm.

    Set the Hash Algorithm to SHA256.
    Set hash algorithm

  16. Choose encryption certificate.

    Click Choose, next to Encryption Certificate, and click OK on the Confirm Certificate dialog box. Again, if you have more than one certificate, select the same one you chose for Signing Certificate.
    Choose encryption certificate

  17. Close window.

    Click OK to close the Change Security Settings window.

  18. Set S/MIME defaults.

    Set your desired default options for S/MIME email via the four checkboxes under Encrypted email, then click OK to close the Trust Center Window.
    Set S/MIME email options

  19. Set S/MIME options in a new message.

    Now that your S/MIME certificate is installed and configured, you can start sending signed and encrypted messages. Begin by creating a new email message in Outlook. Under Options, you can toggle the encryption and/or digital signature settings for the message.
    Outlook

  20. Allow Outlook to use your private key.

    After sending, click Allow in the Windows Security dialog box that appears, allowing Outlook to use your private key.
    Security dialog box

  21. Potential problem with encryption.

    Note that if you attempt to send encrypted email and do not have your recipient’s public key, you will get an error message giving the option to send the message unencrypted. You can solve this issue by having them send you a signed email message, then adding them as a contact in Outlook.
    Error message

  22. Confirm signature.

    When your contact sends you a signed email, you should see a small ribbon icon in the upper right corner of the message. You can confirm the certificate’s details by clicking the icon.
    Signed message

  23. Add contact (step 1).

    Right-click the sender’s name and select Add to Outlook Contacts.
    Add to Outlook Contacts

  24. Add contact (step 2).

    Click Save and Close to save your contact. You will now be able to send encrypted email to this recipient.
    Save and Close

For more detailed information about S/MIME email, please see our article, Sending Secure Email with S/MIME. You can also check out our blog article, Business Email Compromise and S/MIME Certificates, which discusses the pervasive problem of email-based cyber attacks experienced by business owners and how our services offer strong protection against such threats. 

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.