Install certificates into Outlook 2010-2013 (Step by step guide)
Here is a description in detail, how to install certificates into Outlook 2010-2013.
Before you can digitally sign and encrypt e-mails, you need a client certificate from CAcert.
Then, you have to configure your e-mail client Outlook 2010 to use your certificate. For other e-mail clients, see FAQ/eMailClients.
Install your CAcert certifcate on your computer. For further details see Tutorials - How to import the CAcert Root Certificates to Windows systems, and Client certificates.
Attention! If you used Firefox/Palemoon to generate client certificates, then you probably DO NOT have certificates installed in the Windows repository, where Outlook expects them! In this case, you must export your valid client certificate from the browser's internal storage to a P12 file with a .p12 extension. With the client certificate, the private key and root certificates are also exported to the backup file. Then import its contents into the system - just double-click the file.
- Once you have your certificate installed, you should open Outlook.
Once Outlook is opened, click on the orange File tab at the top left.
On the left hand set of options, click on the Options button.
A window entitled Outlook Options will appear.
On the left-hand pane, click on the Trust Center button at the bottom of the list.
- The right side of the window will change.
Click on the Trust Center Settings button on the bottom right hand side.
A window named, Trust Center will appear.
- On the left hand side you shall see selectable options.
Click on the E-mail Security option on the left hand pane.
Upon clicking on the E-mail Security button, in the right hand pane, you will see a drop down field next to Default Setting:.
Click on the Settings button next to this field.
A new window will appear named Change Security Settings.
In this window, you will see two Choose buttons under the Certificates and Algorithms section.
Choose the certificate
In the Certificates and Algorithms section of the Change Security Settings window, you should see the heading, Signing Certificate:.
Click on the Choose button directly to the right of this heading.
A new window will appear named, Select Certificate.
In this window, you will choose the CAcert certificate you would like to sign with from a list of certificates installed on this computer. If you are unsure which certificate to choose, you can always highlight a certificate and click on the View Certificate button to see the details for that certificate.
When you have selected the certificate, click on the OK button at the bottom.
When you return to the Change Security Settings window, you should see that the certificate you have chosen has appeared greyed out in the Signing Certificate field.
Next you will choose the encryption certificate. This is the certificate that other users will use when attempting to encrypt an e-mail to you; that means: send end recieve e-mails in an envelope. In typical use, you will use the same CAcert certificate for both signing and encryption (the exception is for Qualified certificates which are only able to digitally sign e-mails). You can still decrypt an e-mail with an expired certificate.
In the Certificates and Algorithms section of the Change Security Settings window, you should see the heading, Encryption Certificate:. Click on the Choose button directly right of this heading.
- Follow steps two, three and four from above.
When you return to the Change Security Settings window, you should see that the certificate you have chosen has appeared greyed out in the Encryption Certificate field.
When you have finished selecting your Digital Certificate, you can press the OK button at the bottom.
Back in the Trust Center window, you can further configure Outlook 2010 with the way that it uses your certificate. Under the Encrypted e-mail heading, you should see 4 check boxes. These check boxes add various features when using Outlook 2010 and certificates.
- Encrypt contents and attachments for outgoing messages - This will try to encrypt every outgoing message. In order to encrypt to a user, you must have a copy of their public key/certificate in your address book.
Add digital signature to outgoing messages - This will digitally sign every outgoing message using your certificate (recommended).
- Send clear text signed message when sending signed message - This sends a digitally signed message to a recipient who does not use S/MIME.
- Request S/MIME receipt for all S/MIME signed messages - This will request confirmation that a message was received unaltered. Outlook will automatically do this.
Once you have followed this guide and selected a certificate for both the Signing Certificate: and the Encryption Certificate: headings, you will be able to use them while composing an e-mail.
When you have an e-mail open, click on the Options tab at the top of the e-mail.
In the Permission section, directly underneath the top tabs, you should see two buttons named Sign and Encrypt.
Click on the Sign button to depress it to digitally sign this e-mail.
Click on the Encrypt button to depress it to encrypt this e-mail. Note: You must have the recipients public key in order to encrypt an e-mail.
Click on both buttons, Sign and Encrypt to digitally sign and encrypt the message.
After you have finished typing the new e-mail, or the reply/forward, press the Send' button.
To avoid to do so with every e-mail, just think about, how do you want it usually. Then proceed as described in the Options section. Source: QVG/11