Knowledge Base
How to Configure an email (S/MIME) certificate on Outlook 2016
Overview
By the end of this article, you will be able to sign and encrypt email in Microsoft Outlook 2016 using your Sectigo email certificate (an S/MIME certificate). The article walks through importing the certificate into Outlook, assigning it as your signing and encryption certificate, and turning signing and encryption on — either per message or by default. If your certificate is on another computer or in another browser, you first export it as a Public Key Cryptography Standards #12 (PKCS #12) file (with a .pfx or .p12 extension) and copy it to the Outlook computer. Signing proves an email came from you and was not changed in transit; encryption ensures only the recipient can read it.
Prerequisites
-
A Sectigo email (S/MIME) certificate.
-
Microsoft Outlook 2016 installed.
-
If you applied for the certificate using Internet Explorer on the same computer as Outlook, it may already be installed — you can skip to “Assign your certificate.”
-
If you collected the certificate in Firefox, or it is on a different computer, first export it as a Public Key Cryptography Standards #12 (PKCS #12) file (a .pfx or .p12 file). Move it to the Outlook computer by emailing it to yourself or copying it with a Universal Serial Bus (USB) drive, then follow the import steps below.
Import your certificate into Outlook 2016
-
Open Outlook 2016 and click File > Options.
-
In the Outlook Options window, click Trust Center > Trust Center Settings.
Figure 1. In Outlook Options, click Trust Center, then Trust Center Settings.
-
In the Trust Center, select E-mail Security, then click Import/Export.
Figure 2. On the E-mail Security tab, click Import/Export.
-
Select “Import existing Digital ID from a file,” browse to your PKCS #12 (.pfx or .p12) certificate file, and click Open.
-
Enter the password you set when exporting the certificate, type a Digital ID name, then click OK.
Figure 3. Browse to your PKCS #12 file, enter the export password, and add a Digital ID name.
-
Choose the security level for storing the private key on your system, then click OK.
Figure 4. Choose the security level for storing the private key, then click OK.
You have now imported your Sectigo email certificate into Outlook 2016.
Sign and encrypt mail
Signing an email tells the recipient the message came from you and was not modified in transit. Encrypting an email ensures only the recipient can read its content and attachments.
Note: To encrypt mail to someone, you must already have that person's email certificate in your certificate store. Ask the contact to send you a signed email; when you receive it, their certificate is added to your store automatically, and you can then send signed or encrypted mail to them.
Assign your certificate
-
Open Outlook 2016 and click File > Options.
-
In the Outlook Options window, click Trust Center > Trust Center Settings.
-
In the Trust Center, select E-mail Security, then click Settings.
Figure 5. In Change Security Settings, click Choose for the signing and encryption certificates.
-
Next to Signing Certificate, click Choose, select your Sectigo email certificate, then click OK.
-
Repeat for Encryption Certificate, choosing the same Sectigo email certificate.
-
Click OK to return to the Trust Center. To confirm a certificate before choosing it, highlight it and click View Certificate.
Sign and encrypt an individual email
-
Compose a new email, or reply to or forward an existing one.
-
On the message ribbon, click Options, then click Sign, Encrypt, or both, depending on what you need.
Figure 6. On a message, open Options and click Sign, Encrypt, or both.
The email is signed and/or encrypted when you send it.
Sign and encrypt all email by default
-
Open Outlook 2016 and click File > Options.
-
In the Outlook Options window, click Trust Center > Trust Center Settings.
Figure 7. In Outlook Options, click Trust Center, then Trust Center Settings.
-
Select E-mail Security.
Figure 8. On the E-mail Security tab, set the default encrypt and sign options.
-
To encrypt every message, check “Encrypt contents and attachments for outgoing messages.”
-
To sign every message, check “Add digital signature to outgoing messages.”
-
Leave either box unchecked to sign or encrypt only on an individual basis. Many users sign every message by default and encrypt only when a message needs confidentiality.
How to verify success
Send a test email to yourself with Sign (and, if you have your own certificate in your store, Encrypt) turned on. If the message sends without a certificate error and arrives with a signed or encrypted indicator, your Sectigo email certificate is configured correctly.
Similar questions
-
How do I import a Sectigo S/MIME certificate into Outlook 2016?
-
How do I sign or encrypt a single email in Outlook 2016?
-
How do I turn on signing and encryption for all Outlook email by default?
Need assistance?
Contact our team for help with your purchase or issuing your certificate.