How do I configure Outlook 2003 to use a certificate for digitally signed and encrypted email?
For details not covered in this article, please see Microsoft Outlook Help. This article assumes you are using Outlook 2003.
Please make sure you are running Kerio MailServer 6.0.9 or above. Digitally encrypted email does not work with versions prior to 6.0.9.
In order to send digitally signed or encrypted email, you will need a digital certificate. After obtaining a digital certificate, you will need to import it into Outlook. Finally, in order to send or receive encrypted email, you will need the digital certificate of your contact.
Obtaining a Digital Certificate
Digital certificates for email signing and security are available from SSL certificateSSL certificates are used to authenticate an identity on a server. vendors. http://www.thawte.com/ provides a free email certificate.
If presented with a choice, choose an S/MIMESecure/Multipurpose Internet Mail Extensions - Email protocol based on SMTP used to digitally sign and encrypt messages. certificate, also known as an X.509 certificate. You will need to get this certificate to a "Personal Information Exchange - PKCS" format. This format can be imported into Outlook.
Typically this certificate will be saved to your certificate store.
Exporting Your Certificate from the Certificate Store
- Open Internet Explorer.
- Select the "Tools" menu, then select "Internet Options". Select the "Content" tab, then select the "Certificates" button.
- Select your certificate from the list and press the "Export" button to start the Wizard.
- When prompted, choose to export your private key.
- Choose to export as Personal Information Exchange - PKCS #12. Enable the "strong protection" checkbox.
- Enter a certificate password when prompted. Do not forget this password, as you will need it to import the certificate into Outlook.
- Choose a filename and location for the export file.
- Press "Finish" and "OK" until you receive confirmation that the file has exported. You should now have a .pfx certificate file.
Importing Your Certificate Into Outlook
- Open the "Tools" menu, and choose "Options".
- Select the "Security" tab. Under "Digital IDs", click the "Import/Export" button.
- Browse to your digital certificate file, and select it.
- If you set a password on the digital certificate when creating it, enter it here.Enter your Digital ID name. This is typically your email address.
- Press "OK". If you receive a pop-up about "creating a Protected item", press "OK".
- Return to the "Security" tab under "Options". If the import was successful, you will see: "My S/MIME settings (your email address)" in the "Default Setting" field.
- Enable the "Add digital signature to outgoing messages" if you wish all outgoing email to be digitally signed.
Sending Digitally Signed Email
To send digitally signed email, click on the Digitally Sign icon in the New Message window. This icon looks like a mail icon with a red ribbon. It is located to the right of the "Plain Text / Rich Text / HTML" selection box. Once clicked, the icon will remain highlighted.
Verifying a Digitally Signed Email
A mail that is digitally signed will show a signed icon on your email list, and will show a signed icon in the preview pane.
Sending an Encrypted Email
To send encrypted email, you need:
- A digital certificate
- The digital certificate of the person who is receiving your email
- An entry in your Contacts for the person who is receiving your email
The person receiving your email must also have a certificate. Once they do, you will need to receive the certificate and add the person, with certificate, to your Contacts list. Finally, you will be able to activate the 'encrypt' feature.
- Have the other person send you a digitally signed email.
- Select the person's name in the preview pane, right-click, and select "Add to Contacts".
- When the Add Contact window appears, select the "Certificates" tab and verify that a certificate is listed.
- Click "Save and Close".
Now you can send encrypted email to this user. Create a new email, and click the sign and encrypt icons.