Outlook ()

Certificate setup in Outlook

Make sure that the following prerequisites are met:

1. You have a valid personal certificate for your KIT email address
2. You have downloaded it in the correct format and successfully installed it in the Windows certificate store

Start Outlook. Select File at the top left and then Options:

Select Trust Center on the lower left and then Trust Center Settings… on the right:

Notice

Some settings in the following steps may be enforced by your organization (e.g., for systems managed by the SCC). In this case, some settings may be grayed out and can be ignored.

Select the Email Security tab on the left. In the Encrypted email section, make the following settings:

• ☐ Encrypt content and attachments for outgoing messages.
• ☑ Add digital signature to outgoing messages.
• ☑ Send clear text signed message when sending signed messages
• ☐ Request S/MIME recipt for all S/MIME signed messages

Then select the Settings button.

Make the following settings:

• ☑ Default Security Setting for this cryptographic message format and
• ☑ Default Security Setting for all cryptographic messages
• Hash Algorithm: SHA256
• Encryption Algorithm: AES (256-bit)
• ☑ Send these certificates with signed messages

Select the correct certificate

If you have installed more than one certificate, you can select the correct one under Signing certificate and Encryption certificate using the Choose… button:

Unfortunately, the dialog is not very helpful in finding the correct certificate. One possible indicator is the validity period; this starts directly when the certificate is issued. You can inspect more characteristics via Click here to view certificate properties:

In the General tab, apart from the validity period, nothing helpful can be found for newer certificates (from Sectigo).

The Details tab contains the email addresses under Subject and the name for personal certificates.

Finish the configuration by closing all dialogs.

Sending signed emails

Open a new email or reply to an existing email. In the Options tab, select the Sign button. With the settings described above, this is the new default setting when sending emails.

Sending encrypted emails

To encrypt messages, select the Encrypt button in the Options tab.

Encryption only possible for recipients with a valid certificate

To send encrypted emails, these two requirements must be met:

1. A valid certificate exists for all receiving email addresses 2) Outlook must know these certificates. For KIT email addresses, this is usually done automatically by the GAL.

Reference documention from Microsoft

• Get a digital ID
• Secure messages by using a digital signature
• Encrypt email messages
• Verify the digital signature on a signed email message