web analytics
en English
X

Select Language

Powered by Google TranslateTranslate

We hope you will find the Google translation service helpful, but we don’t promise that Google’s translation will be accurate or complete. You should not rely on Google’s translation. English is the official language of our site.

en English
X

Select Language

Powered by Google TranslateTranslate

We hope you will find the Google translation service helpful, but we don’t promise that Google’s translation will be accurate or complete. You should not rely on Google’s translation. English is the official language of our site.

Using Your YubiKey with Outlook on Windows

These instructions will show you how to use an S/MIME certificate installed in a YubiKey to send signed and/or encrypted email in Outlook on Windows.

Note: These instructions assume that you have installed an encryption-enabled S/MIME certificate in the Key Management slot (9c) of your YubiKey. If you have not done so already, please refer to our how-to covering this operation.

Configure Outlook

  1. First, make sure that all necessary supporting certificates (intermediate and root) are installed on your system.
  2. With your YubiKey inserted in the computer, launch Outlook.

    Outlook

  3. Click File, at the upper left in the menu.

    File

  4. Click Options.

    Options

  5. The Outlook Options window will open. Click Trust Center.

    Trust Center

  6. Click the Trust Center Settings button.

  7. Click Email Security.

    Email Security

  8. Click Settings…
    Settings
  9. Click the Choose… button, to the right of Encryption Certificate.

    Choose button

  10. Select a certificate for encryption (note that in the image below, only one encryption certificate is available). Verify that the Subject Name is correct, and that the Issuer is SSL.com Client Certificate Intermediate CA RSA R2. For a certificate on a smart card, you should see the icon shown below to the left of the certificate information, as shown in the image below. You can also check the certificate’s validity dates against the certificate order in your SSL.com account, or get more information (such as the certificate’s serial number) by clicking Click here to view certificate properties. When you are sure the certificate is correct, click OK.

    Select certificate

  11. Next, click the Choose… button to the right of Signing Certificate.

    Choose button

  12. If you installed an S/MIME certificate on a YubiKey with other certificate(s) installed, as shown in our how-to, there may be more than one signing certificate available. For simplicity’s sake, we suggest selecting the same certificate for both encryption and signing. If the More choices link is shown, click it.

    More choices

  13. As can be seen in the screenshot below, both certificates on the smart card share the same Subject Name and Issuer. However, the validity period of the second certificate shown matches the encryption certificate we selected above, so we’ll pick that one for signing too.

  14. If it’s not that easy to tell the difference between the certificates, you can get more information by selecting a certificate and then clicking Click here to view certificate properties.

    Click here to view certificate properties

  15. By clicking the Details tab, you can view information about the certificate and compare it with information in your SSL.com account. For example, below we can see that the serial number matches the parsed certificate as shown in SSL.com’s details for the order.

    Details
    Parsed certificate

  16. You can also get useful information about the certificate by clicking Key Usage. Because this certificate includes Key Encipherment, we can deduce that it is the same one shown by the system as an available encryption key. When you are done getting information about the certificate, close the Certificate Details dialog box by clicking the OK button.

    Key Usage

  17. When you’re finished selecting a signing certificate, click the OK button.

    OK button

  18. Click the OK button to close the security settings dialog box.

    OK button

  19. Click the OK button to close the Trust Center window, then click OK again to close the Outlook Options window.

    OK button

Sign and Encrypt Email in Outlook

  1. Now we’re ready to start sending signed and encrypted messages. Start by creating a new message in Outlook.

    Create email

  2. Click the Options tab.

    Options

  3. Click Sign.

    Sign

  4. Click the Send button to send your message. Note that Sign is highlighted in the ribbon, but Encrypt is not.

    Send

  5. You will be prompted for your YubiKey PIN. Enter the PIN and then click the OK button. If you need help finding your PIN, please read this how-to.

    Enter PIN

  6. To send an encrypted email message, click Encrypt, located to the left of Sign on the ribbon’s Options tab.

    Encrypt

  7. Note that if you do not already have your recipient’s S/MIME certificate with their public key, Outlook will display an error message if you try to send them an encrypted message. If a person sends you a signed email, Outlook will store their certificate so you can send them encrypted email in the future.

    Error message

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.

Subscribe to SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com