Situation
Solution
Configure Outlook to Send Secure Email
Although several email client applications have options to support digital signatures or encryption (S/MIME), not all email providers natively support S/MIME with third-party PKI certificates. S/MIME support often varies between tiers of service. Coordinate with your email and workstation administrators to ensure S/MIME capabilities are available on both email servers and user workstations, especially if email is accessed through a browser.
The following steps pertain to Microsoft Outlook 2016, and may also be applicable to newer versions up through Outlook 2021. These steps may not be applicable to cloud email users, but you may find additional configurations below for both Exchange Online and O365 in Other Helpful References.
- Insert your PIV card in your computer’s smart card reader.
- Browse to File > Options > Trust Center > Trust Center Settings… and select Email Security.
- Click Settings… beneath the Encrypted Email heading.
- Click New to create a new security preference.
- Assign a Security Settings Name (for example, “Secure Email – PIV”).
- Click Choose next to Signing Certificate.
- Select your PIV card’s digital signature certificate and click OK.
- Select SHA256 as the Hash Algorithm.
- Click Choose next to Encryption Certificate.
- Select your PIV card’s digital signature certificate and click OK.
- Select AES (256-bit) as the Encryption Algorithm.
- Enable the Send these certificates with signed messages selection box.
- Click OK three times.
Note: The following screenshot shows an example of a completed security preference configuration.
Publish Your Certificates to the Global Address List
The Global Address List (GAL) is a shared, enterprise-wide contact list in Microsoft Active Directory. Publishing your certificates to the GAL will add your encryption certificate and associated public key to an enterprise address book, making it easier for other internal agency users to send you an encrypted email.
- Insert your PIV card in your computer’s smart card reader.
- Browse to File > Options > Trust Center > Trust Center Settings and select Email Security.
- Click Publish to GAL… beneath the Digital IDs (Certificates) heading.
- Click OK when warned about Outlook publishing your default security certificates to the Global Address List.
- Enter your PIV card PIN when prompted.
- Click OK twice.
Note: The following screenshot shows the location of the Publish to GAL… button.
Send a Signed Email
- Compose an email.
- Click the Options tab.
- Enable the Sign icon (appears as a red ribbon icon).
- Click Send.
- Enter your PIV card PIN when prompted.
Note: The following screenshot shows a signed email.
Send an Encrypted Email
- Compose an email.
- Click the Options tab.
- Enable the Encrypt icon (appears as a yellow lock icon).
- Click Send.
Note: It is common practice to also sign a message when encrypting it.
Manually Import a User’s Encryption Certificate
When sending an encrypted email, the message is encrypted using the public key in the intended recipient’s certificate. If Outlook cannot find the intended recipient’s public key through the Global Address List, you may need to load it manually.
- Obtain a copy of the intended recipient’s Key Management certificate (you may need to ask the intended recipient to export and share their certificate with you).
- Click the Home tab.
- Click the Address Book.
- Select File > New Entry.
- Select New Contact and then click OK.
- Populate the recipient’s contact information, minimally including name and email address.
- Click the Certificates icon.
- Click Import and browse to the intended recipient’s encryption certificate.
- Click Save & Close and then follow the steps to send an encrypted email.
Note: The following screenshot shows a certificate loaded into a contact entry.
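The following PowerShell check is an added example, not part of the original page or of any Microsoft tooling. It reports which certificates are usable for S/MIME signing and which for encryption, which helps when choosing certificates in the security preference and before importing a recipient's certificate into a contact. The function name Get-SmimeCertificateRole and the file path are hypothetical, and treating a certificate without an Enhanced Key Usage extension as unrestricted is an assumption based on X.509 semantics.

```powershell
# Added example. Get-SmimeCertificateRole is a hypothetical helper name.
$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # Secure Email EKU
$AnyEkuOid      = '2.5.29.37.0'         # anyExtendedKeyUsage
$KuType  = [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
$EkuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$Flags   = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]

function Get-SmimeCertificateRole {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        $ku  = $Certificate.Extensions | Where-Object { $_ -is $KuType }
        $eku = $Certificate.Extensions | Where-Object { $_ -is $EkuType }

        # Assumption: no EKU extension means the certificate is not purpose-restricted.
        $emailOk = $true
        if ($eku) {
            $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
            $emailOk = ($oids -contains $SecureEmailOid) -or ($oids -contains $AnyEkuOid)
        }

        # Certificates without a Key Usage extension are reported as neither role,
        # so they stand out for manual review.
        $canSign = $false; $canEncrypt = $false
        if ($ku) {
            $signMask = [int]$Flags::DigitalSignature -bor [int]$Flags::NonRepudiation
            $encMask  = [int]$Flags::KeyEncipherment -bor [int]$Flags::KeyAgreement
            $canSign    = ([int]$ku.KeyUsages -band $signMask) -ne 0
            $canEncrypt = ([int]$ku.KeyUsages -band $encMask) -ne 0
        }

        $now = Get-Date
        [pscustomobject]@{
            Subject       = $Certificate.GetNameInfo('SimpleName', $false)
            Email         = $Certificate.GetNameInfo('EmailName', $false)
            NotAfter      = $Certificate.NotAfter
            InValidity    = ($now -ge $Certificate.NotBefore) -and ($now -le $Certificate.NotAfter)
            HasPrivateKey = $Certificate.HasPrivateKey
            CanSign       = $canSign -and $emailOk
            CanEncrypt    = $canEncrypt -and $emailOk
        }
    }
}

# Your own certificates, with the PIV card inserted.
Get-ChildItem Cert:\CurrentUser\My | Get-SmimeCertificateRole | Format-Table -AutoSize
# A recipient's exported certificate (placeholder path), checked before import:
# [System.Security.Cryptography.X509Certificates.X509Certificate2]::new('C:\path\to\recipient.cer') | Get-SmimeCertificateRole
```

A recipient's certificate should show CanEncrypt as True, InValidity as True, and the email address you intend to write to; HasPrivateKey is expected to be False for a certificate someone else exported for you.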