Knowledge Base

How to Configure an email (S/MIME) certificate on Outlook 2016

 
 

Overview 

By the end of this article, you will be able to sign and encrypt email in Microsoft Outlook 2016 using your Sectigo email certificate (an S/MIME certificate). The article walks through importing the certificate into Outlook, assigning it as your signing and encryption certificate, and turning signing and encryption on — either per message or by default. If your certificate is on another computer or in another browser, you first export it as a Public Key Cryptography Standards #12 (PKCS #12) file (with a .pfx or .p12 extension) and copy it to the Outlook computer. Signing proves an email came from you and was not changed in transit; encryption ensures only the recipient can read it. 

Prerequisites 

  • A Sectigo email (S/MIME) certificate. 

  • Microsoft Outlook 2016 installed. 

  • If you applied for the certificate using Internet Explorer on the same computer as Outlook, it may already be installed — you can skip to “Assign your certificate.” 

  • If you collected the certificate in Firefox, or it is on a different computer, first export it as a Public Key Cryptography Standards #12 (PKCS #12) file (a .pfx or .p12 file). Move it to the Outlook computer by emailing it to yourself or copying it with a Universal Serial Bus (USB) drive, then follow the import steps below. 

Import your certificate into Outlook 2016 

  1. Open Outlook 2016 and click File > Options. 

  1. In the Outlook Options window, click Trust Center > Trust Center Settings. 

Outlook Options window with Trust Center selected and the Trust Center Settings buttonOutlook Options window with Trust Center selected and the Trust Center Settings button
               Figure 1. In Outlook Options, click Trust Center, then Trust Center Settings. 

  1. In the Trust Center, select E-mail Security, then click Import/Export. 

Trust Center on the E-mail Security tab with the Import/Export buttonTrust Center on the E-mail Security tab with the Import/Export button
                                  Figure 2. On the E-mail Security tab, click Import/Export. 

  1. Select “Import existing Digital ID from a file,” browse to your PKCS #12 (.pfx or .p12) certificate file, and click Open. 

  1. Enter the password you set when exporting the certificate, type a Digital ID name, then click OK. 

Import/Export Digital ID dialog with the certificate file and password fieldsImport/Export Digital ID dialog with the certificate file and password fields
                 Figure 3. Browse to your PKCS #12 file, enter the export password, and add a Digital ID name. 

  1. Choose the security level for storing the private key on your system, then click OK. 

Private key security level dialog with the Set Security Level buttonPrivate key security level dialog with the Set Security Level button
                 Figure 4. Choose the security level for storing the private key, then click OK. 

You have now imported your Sectigo email certificate into Outlook 2016. 

Sign and encrypt mail 

Signing an email tells the recipient the message came from you and was not modified in transit. Encrypting an email ensures only the recipient can read its content and attachments. 

Note: To encrypt mail to someone, you must already have that person's email certificate in your certificate store. Ask the contact to send you a signed email; when you receive it, their certificate is added to your store automatically, and you can then send signed or encrypted mail to them. 

Assign your certificate 

  1. Open Outlook 2016 and click File > Options. 

  1. In the Outlook Options window, click Trust Center > Trust Center Settings. 

  1. In the Trust Center, select E-mail Security, then click Settings. 

Change Security Settings dialog with Signing and Encryption Certificate Choose buttonsChange Security Settings dialog with Signing and Encryption Certificate Choose buttons                                   
                             Figure 5. In Change Security Settings, click Choose for the signing and encryption certificates. 

  1. Next to Signing Certificate, click Choose, select your Sectigo email certificate, then click OK. 

  1. Repeat for Encryption Certificate, choosing the same Sectigo email certificate. 

  1. Click OK to return to the Trust Center. To confirm a certificate before choosing it, highlight it and click View Certificate. 

Sign and encrypt an individual email 

  1. Compose a new email, or reply to or forward an existing one. 

  1. On the message ribbon, click Options, then click Sign, Encrypt, or both, depending on what you need. 

Outlook message Options ribbon with the Sign and Encrypt buttons highlightedOutlook message Options ribbon with the Sign and Encrypt buttons highlighted
                     Figure 6. On a message, open Options and click Sign, Encrypt, or both. 

The email is signed and/or encrypted when you send it. 

Sign and encrypt all email by default 

  1. Open Outlook 2016 and click File > Options. 

  1. In the Outlook Options window, click Trust Center > Trust Center Settings. 

Outlook Options window with the Trust Center Settings buttonOutlook Options window with the Trust Center Settings button
                              Figure 7. In Outlook Options, click Trust Center, then Trust Center Settings. 

  1. Select E-mail Security. 

Trust Center E-mail Security tab with the encrypt and digital signature checkboxesTrust Center E-mail Security tab with the encrypt and digital signature checkboxes
                     Figure 8. On the E-mail Security tab, set the default encrypt and sign options. 

  1. To encrypt every message, check “Encrypt contents and attachments for outgoing messages.” 

  1. To sign every message, check “Add digital signature to outgoing messages.” 

  1. Leave either box unchecked to sign or encrypt only on an individual basis. Many users sign every message by default and encrypt only when a message needs confidentiality. 

How to verify success 

Send a test email to yourself with Sign (and, if you have your own certificate in your store, Encrypt) turned on. If the message sends without a certificate error and arrives with a signed or encrypted indicator, your Sectigo email certificate is configured correctly. 

Similar questions 

  • How do I import a Sectigo S/MIME certificate into Outlook 2016? 

  • How do I sign or encrypt a single email in Outlook 2016? 

  • How do I turn on signing and encryption for all Outlook email by default? 

Need assistance?

Contact our team for help with your purchase or issuing your certificate.

Live chat

Call us today