## 20191011 AK ---- [[HowToDocuments/Outlook 2010/CY|cymraeg]] | [[HowToDocuments/Outlook 2010/CZ|česky]] | [[HowToDocuments/Outlook 2010/DE|deutsch]] | '''english''' | [[HowToDocuments/Outlook 2010/ES|español]] | [[HowToDocuments/Outlook 2010/FR|français]] | [[HowToDocuments/Outlook 2010/NL|nederlands]] | [[HowTocuments/Outlook 2010/PT|português]] --- [[HowToDocuments|further step by step guides]] ---- == Install certificates into Outlook 2010-2013 (Step by step guide) == Here is a description in detail, how to install certificates into Outlook 2010-2013. <> === Preparations === 1. Before you can digitally sign and encrypt e-mails, you need a client certificate from [[https://www.cacert.org|CAcert]]. 1. Then, you have to configure your e-mail client '''Outlook 2010''' to use your certificate. For other e-mail clients, see [[FAQ/eMailClients]]. 1. Install your CAcert certifcate on your computer. For further details see [[TutorialsHowto|Tutorials]] - [[HowTo/InstallCAcertRoots|How to import the CAcert Root Certificates to Windows systems]], and [[Technology/KnowledgeBase/ClientCerts|Client certificates]]. /!\ Attention! If you used Firefox/Palemoon to generate client certificates, then you probably ''DO NOT have certificates installed in the Windows repository'', where Outlook expects them! In this case, you must export your valid client certificate from the browser's internal storage to a P12 file with a .p12 extension. With the client certificate, the private key and root certificates are also exported to the backup file. Then import its contents into the system - just double-click the file. /!\ === Installation === 1. Once you have your certificate installed, you should open Outlook. 1. Once Outlook is opened, click on the orange ''File'' tab at the top left. 1. On the left hand set of options, click on the ''Options'' button. 1. A window entitled ''Outlook Options'' will appear. 1. On the left-hand pane, click on the ''Trust Center'' button at the bottom of the list. 1. The right side of the window will change. 1. Click on the ''Trust Center Settings'' button on the bottom right hand side. 1. A window named, ''Trust Center'' will appear. 1. On the left hand side you shall see selectable options. 1. Click on the ''E-mail Security'' option on the left hand pane. 1. Upon clicking on the ''E-mail Security'' button, in the right hand pane, you will see a drop down field next to ''Default Setting:''. 1. Click on the ''Settings'' button next to this field. 1. A new window will appear named ''Change Security Settings''. 1. In this window, you will see two ''Choose'' buttons under the ''Certificates and Algorithms'' section. ==== Choose the certificate ==== In the ''Certificates and Algorithms'' section of the ''Change Security Settings'' window, you should see the heading, ''Signing Certificate:''. 1. Click on the ''Choose'' button directly to the right of this heading. 1. A new window will appear named, ''Select Certificate''. 1. In this window, you will choose the CAcert certificate you would like to sign with from a list of certificates installed on this computer. If you are unsure which certificate to choose, you can always highlight a certificate and click on the ''View Certificate'' button to see the details for that certificate. 1. When you have selected the certificate, click on the ''OK'' button at the bottom. When you return to the ''Change Security Settings'' window, you should see that the certificate you have chosen has appeared greyed out in the ''Signing Certificate'' field. Next you will choose the encryption certificate. This is the certificate that other users will use when attempting to encrypt an e-mail to you; that means: send end recieve e-mails in an envelope. In typical use, you will use the same CAcert certificate for both signing and encryption (the exception is for Qualified certificates which are only able to digitally sign e-mails). You can still decrypt an e-mail with an expired certificate. 1. In the ''Certificates and Algorithms'' section of the ''Change Security Settings'' window, you should see the heading, ''Encryption Certificate:''. Click on the ''Choose'' button directly right of this heading. 1. Follow steps two, three and four from above. 1. When you return to the ''Change Security Settings'' window, you should see that the certificate you have chosen has appeared greyed out in the ''Encryption Certificate'' field. When you have finished selecting your Digital Certificate, you can press the ''OK'' button at the bottom. === Options === Back in the ''Trust Center'' window, you can further configure Outlook 2010 with the way that it uses your certificate. Under the Encrypted e-mail heading, you should see 4 check boxes. These check boxes add various features when using Outlook 2010 and certificates. * Encrypt contents and attachments for outgoing messages - This will try to encrypt every outgoing message. In order to encrypt to a user, you must have a copy of their public key/certificate in your address book. * Add digital signature to outgoing messages - This will digitally sign every outgoing message using your certificate ('''recommended'''). * Send clear text signed message when sending signed message - This sends a digitally signed message to a recipient who does not use S/MIME. * Request S/MIME receipt for all S/MIME signed messages - This will request confirmation that a message was received unaltered. Outlook will automatically do this. === Daily use === Once you have followed this guide and selected a certificate for both the ''Signing Certificate:'' and the ''Encryption Certificate:'' headings, you will be able to use them while composing an e-mail. 1. When you have an e-mail open, click on the ''Options'' tab at the top of the e-mail. 1. In the Permission section, directly underneath the top tabs, you should see two buttons named ''Sign'' and ''Encrypt''. 1. Click on the ''Sign'' button to depress it to digitally sign this e-mail. 1. Click on the ''Encrypt'' button to depress it to encrypt this e-mail. Note: You must have the recipients public key in order to encrypt an e-mail. 1. Click on both buttons, ''Sign'' and ''Encrypt'' to digitally sign and encrypt the message. 1. After you have finished typing the new e-mail, or the reply/forward, press the ''Send' button. To avoid to do so with every e-mail, just think about, how do you want it usually. Then proceed as described in the ''Options'' section. Source: QVG/11 ---- . CategoryTutorials . CategoryStepByStep