UW Digital ID (Win) - Configuring Outlook 2016 for Windows to use a UW Digital Certificate
PKI can be used with Outlook 2016 to send secure, digitally encrypted email. This document outlines the necessary steps to configure a UW Digital Certificate for Microsoft Outlook 2016 for Windows.
Before you can use your UW Digital Certificate, you must first have it downloaded and installed on your computer:
- Choose "File" tab in the Outlook menu bar
- Choose "Options"
- Choose "Trust Center"
- Choose the "Trust Center Settings..." button
- Choose "E-mail Security"
- Click the "Settings..." button
- Click "OK" to save this Security Setting.
To define your security settings and to specify which certificate you wish to use you need to define your default security settings. To do so you need to click the "Settings..." button. You will then see the following screen, (if you do not have your Digital ID set up follow the document at the top of the page): You can create different security settings and give these separate names. You can define the following settings: Secure Message Format (type of e-mail)
Digital Signature Settings
Security Setting Preferences (setting defaults)
The first step is to give your setting a name, this you can choose yourself: The "Digital Signature" settings allow you too choose the certificate you wish to use for signing your emails. If you click the "Choose..." button you will be presented by an overview of your personal certificates: You can view each certificate by first selecting a certificate and then clicking on the ‘Click here to view certificate properties’ link. You will now have a screen which gives an overview of the certificate: When you find the certificate you want to use select it and click "OK": The certificate will now be added to both the "Signing Certificate" and "Encryption Certificate" box for this security setting.
Digitally signing your e-mail messages with Microsoft Outlook 2016
- The first step to securing your e-mail messages is to sign them using your digital certificate.
- Open a new email window. In the Options ribbon in the Permission section you will see two Mail Security icons, the red signing icon and selecting this will sign your email with the chosen certificate, the second is the blue encrypting icon and selecting it will encrypt your email (note: you will need the public key of your recipient before you can encrypt your email).
- Your digital signature enables the recipient of your message to verify that you actually sent the message and that it was not altered along the route. Digitally signing your email will also give the recipient a copy of your public key, this will allow the recipient to send you encrypted emails in the future.
- When you digitally sign your message, it does not mean that no one can intercept or read your message. Digitally signing a message does not affect the contents of the message in any way or protect the message from being intercepted and read by someone other than the intended recipient.
- To ensure that only the recipient can read a message, you must also encrypt the message.
- If the recipient of your digitally signed message does not use an S/MIME–enabled e-mail client, they can still read your message. However, your digital signature appears as an "smime.p7s" attachment and you will be unable to encrypt or decrypt messages with this person.
- If the recipient of your digitally signed message does use an S/MIME–enabled e-mail client, the message will appear with an icon indicating that the message was digitally signed in for example in Outlook it appears with a ribbon. The signed icon shows that the received message was signed:
- The untrusted signature icon shows that the received message was signed by a certificate which was issued by a CA which you do not trust yet (because you have not installed its root certificate or it has been revoked).
- You can setup Outlook to always digitally sign your messages each time you send and you can configure your security settings (as described previously) to sign using a specific certificate.
This icon looks like:
Reference: Microsoft Office Support