How to Exchange S/MIME Encrypted Email

Requirements

  • An S/MIME email certificate installed on the device or account used for email communication.
  • Ideally, the certificate should be issued by a public Certificate Authority (CA) to ensure automatic trust by most systems.
  • A mail application that supports S/MIME (such as Microsoft Outlook).

Steps to Exchange S/MIME Encrypted Emails

Step 1: Send a Digitally Signed Email

  • Compose an email addressed to the relevant contact within the organization.
  • Enable the "Sign" (S/MIME) feature in the mail application.
  • Send the email.

A signed message carries the sender’s certificate, so this step allows the recipient’s mail system to store the sender’s public key.

Step 2: Receive a Digitally Signed Reply

  • Upon receipt, the organization will respond with a digitally signed email.

This ensures that the original sender’s mail application stores the organization’s public key.

Step 3: Begin Sending Encrypted Messages

  • Compose the intended message and select the "Encrypt" (S/MIME) option; signing the message is optional but recommended.
  • Only recipients possessing the corresponding private key will be able to decrypt and read the message.

Maintaining S/MIME Functionality

  • Renew the email certificate prior to its expiration date.
  • If devices are changed or access is lost, restore the certificate and private key, or utilize the organization’s key recovery process to maintain access to previously encrypted emails.

Important Considerations

  • If an email disclaimer, confidentiality banner, or similar legal text is appended after sending, the message no longer matches its signature; S/MIME may interpret this as tampering and the message may become invalid.
  • Disable such banners for S/MIME signed or encrypted emails or include any necessary legal text within the standard email signature before signing.
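
The signing, banner and encryption behaviour described above can be reproduced locally with the OpenSSL command line. This is an added example, not part of the original article; the address alice@example.com, the message text, the banner text and the throwaway self-signed certificate (standing in for a CA-issued S/MIME certificate) are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example. The identity, message and banner text are constructed.
set -u
WORK=$(mktemp -d)

make_identity() {  # throwaway self-signed cert, stand-in for a CA-issued one
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=alice@example.com" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
}

sign_message() {   # Step 1: produce a clear-signed (multipart/signed) message
  printf 'Quarterly figures attached.\n' > "$WORK/body.txt"
  openssl smime -sign -text -in "$WORK/body.txt" -signer "$WORK/cert.pem" \
    -inkey "$WORK/key.pem" -out "$WORK/signed.eml" 2>/dev/null
}

add_banner() {     # simulate a gateway appending legal text to the signed body
  sed 's/Quarterly figures attached\./& [Confidential: constructed banner]/' \
    "$WORK/signed.eml" > "$WORK/bannered.eml"
}

verify_message() { # prints VALID or INVALID for the message file in $1
  if openssl smime -verify -in "$1" -CAfile "$WORK/cert.pem" \
       -out /dev/null 2>/dev/null
  then echo VALID; else echo INVALID; fi
}

encrypt_then_decrypt() { # Step 3: encrypt to the certificate, decrypt with the key
  openssl smime -encrypt -aes256 -in "$WORK/body.txt" \
    -out "$WORK/enc.eml" "$WORK/cert.pem" || return 1
  # tr drops the CRs that S/MIME canonicalisation adds to text line endings
  openssl smime -decrypt -in "$WORK/enc.eml" -recip "$WORK/cert.pem" \
    -inkey "$WORK/key.pem" | tr -d '\r'
}

make_identity && sign_message && add_banner || exit 1
echo "signed, as sent:     $(verify_message "$WORK/signed.eml")"
echo "signed, with banner: $(verify_message "$WORK/bannered.eml")"
echo "decrypted text:      $(encrypt_then_decrypt)"
```

The same verify command run against a message saved from the mailbox shows whether a server-side banner is the cause of an "invalid signature" warning.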

Troubleshooting Guidance

  • Unable to encrypt messages to the organization: Request a digitally signed email from the designated contact to obtain their public key.
  • Signature appears invalid or tampered: A server may have modified the email (e.g., by adding a disclaimer). Disable banners for S/MIME-protected messages.
  • Cannot open an encrypted message: Ensure the private key is present on the device or account. If necessary, recover the key from a backup or seek IT support.
  • Certificate expired: Renew the certificate and send a new digitally signed email to update the public key on the recipient’s system.

Optional Email Template

Subject: Exchanging S/MIME Keys for Encrypted Email

Hi,

Please find attached a digitally signed email for public key exchange purposes. Kindly reply with a digitally signed message so that keys may be stored reciprocally. Once signed emails are exchanged, encrypted communication can commence.

Thank you.

Support

For technical assistance related to certificate installation and S/MIME setup, contact Sectigo support. If specific errors occur, provide detailed information to your contact for further assistance.
