UW Digital ID (Personal Certificate) - Configuring My Email Client (Windows)

This document will guide you through configuring your personal certificate to digitally sign emails on Windows.

Before Configuration

Before you start configuring your email client, you should make sure that you have downloaded and installed your certificate.

Download Instructions:

Installation Instructions: UW Digital ID (Personal Certificate) - Installing My Certificate (Windows and Mac)

Configuring Outlook 2010

  1. Choose the "File" tab in the Outlook menu bar

  2. Choose "Options"

    [Screenshot: FileOptions.gif]

  3. Choose "Trust Center"

  4. Choose the "Trust Center Settings..." button

    [Screenshot: TrustCenter.gif]

  5. Choose "E-mail Security"

  6. Click the "Settings..." button

    [Screenshot: EmailSecurity.gif]

    Security Settings

    You will need to define your default security settings before you can digitally sign or encrypt emails. You should see the following screen:

    [Screenshot]

    You can create several security settings and give each its own name. Each one defines the following:

    • Secure Message Format (type of e-mail)
    • Digital Signature Settings
    • Encryption Settings
    • Security Setting Preferences (setting defaults)

    The first step is to give your setting a name of your own choosing:

    [Screenshot]

    The "Digital Signature" settings allow you to choose the certificate you wish to use for signing your emails. If you click the "Choose..." button, you will be presented with an overview of your personal certificates:

    [Screenshot: ChooseCert.gif]

    You can view each certificate by first selecting it and then clicking the "Click here to view certificate properties" link. This opens a screen that gives an overview of the certificate:

    [Screenshot: CertDetails.gif]

    When you find the certificate you want to use, select it and click "OK".

    The certificate will now be added to both the "Signing Certificate" and "Encryption Certificate" boxes for this security setting.

    [Screenshot: SecuritySettingsFinish.gif]

  7. Click "OK" to save this Security Setting.


Using a Certificate with Outlook 2010

  1. The first step to securing your e-mail messages is to sign them using your digital certificate.

  2. Open a new email window. In the Permission section of the Options ribbon you will see two Mail Security icons. The first is the red signing icon; selecting it will sign your email with the chosen certificate. The second is the blue encrypting icon; selecting it will encrypt your email (note: you will need the public key of your recipient before you can encrypt your email).

    [Screenshot: NewEmail.gif]

  3. Your digital signature enables the recipient of your message to verify that you actually sent the message and that it was not altered along the route. Digitally signing your email will also give the recipient a copy of your public key, which will allow the recipient to send you encrypted emails in the future.

  4. When you digitally sign your message, it does not mean that no one can intercept or read your message. Digitally signing a message does not affect the contents of the message in any way or protect the message from being intercepted and read by someone other than the intended recipient.

  5. To ensure that only the recipient can read a message, you must also encrypt the message.

  6. If the recipient of your digitally signed message does not use an S/MIME-enabled e-mail client, they can still read your message. However, your digital signature appears as an "smime.p7s" attachment, and you will be unable to exchange encrypted messages with this person.

  7. If the recipient of your digitally signed message does use an S/MIME-enabled e-mail client, the message will appear with an icon indicating that it was digitally signed; in Outlook, for example, it appears with a ribbon.

    Status Icons

    The signed icon shows that the received message was signed:

    [Icon image]

    The untrusted signature icon shows that the received message was signed by a certificate issued by a CA that you do not yet trust (because you have not installed its root certificate or it has been revoked).

    [Icon image]

  8. You can set up Outlook to always digitally sign your messages each time you send, and you can configure your security settings (as described previously) to sign using a specific certificate.

Reference: Microsoft Office Support

Configuring Outlook 2013

The screenshots shown are from Office 2010; however, the steps are fundamentally the same.

  1. Choose the "File" tab in the Outlook menu bar

  2. Choose "Options"

    [Screenshot: FileOptions.gif]

  3. Choose "Trust Center"

  4. Choose the "Trust Center Settings..." button

    [Screenshot: TrustCenter.gif]

  5. Choose "E-mail Security"

  6. Click the "Settings..." button

    [Screenshot: EmailSecurity.gif]

    Security Settings

    You will need to define your default security settings before you can digitally sign or encrypt emails. You should see the following screen:

    [Screenshot]

    You can create several security settings and give each its own name. Each one defines the following:

    • Secure Message Format (type of e-mail)
    • Digital Signature Settings
    • Encryption Settings
    • Security Setting Preferences (setting defaults)

    The first step is to give your setting a name of your own choosing:

    [Screenshot]

    The "Digital Signature" settings allow you to choose the certificate you wish to use for signing your emails. If you click the "Choose..." button, you will be presented with an overview of your personal certificates:

    [Screenshot: ChooseCert.gif]

    You can view each certificate by first selecting it and then clicking the "Click here to view certificate properties" link. This opens a screen that gives an overview of the certificate:

    [Screenshot: CertDetails.gif]

    When you find the certificate you want to use, select it and click "OK".

    The certificate will now be added to both the "Signing Certificate" and "Encryption Certificate" boxes for this security setting.

    [Screenshot: SecuritySettingsFinish.gif]

  7. Click "OK" to save this Security Setting.


Using a Certificate with Outlook 2013

  1. The first step to securing your e-mail messages is to sign them using your digital certificate.

  2. Open a new email window. In the Permission section of the Options ribbon you will see two Mail Security icons. The first is the red signing icon; selecting it will sign your email with the chosen certificate. The second is the blue encrypting icon; selecting it will encrypt your email (note: you will need the public key of your recipient before you can encrypt your email).

    [Screenshot: NewEmail.gif]

  3. Your digital signature enables the recipient of your message to verify that you actually sent the message and that it was not altered along the route. Digitally signing your email will also give the recipient a copy of your public key, which will allow the recipient to send you encrypted emails in the future.

  4. When you digitally sign your message, it does not mean that no one can intercept or read your message. Digitally signing a message does not affect the contents of the message in any way or protect the message from being intercepted and read by someone other than the intended recipient.

  5. To ensure that only the recipient can read a message, you must also encrypt the message.

  6. If the recipient of your digitally signed message does not use an S/MIME-enabled e-mail client, they can still read your message. However, your digital signature appears as an "smime.p7s" attachment, and you will be unable to exchange encrypted messages with this person.

  7. If the recipient of your digitally signed message does use an S/MIME-enabled e-mail client, the message will appear with an icon indicating that it was digitally signed; in Outlook, for example, it appears with a ribbon.

    Status Icons

    The signed icon shows that the received message was signed:

    [Icon image]

    The untrusted signature icon shows that the received message was signed by a certificate issued by a CA that you do not yet trust (because you have not installed its root certificate or it has been revoked).

    [Icon image]

  8. You can set up Outlook to always digitally sign your messages each time you send, and you can configure your security settings (as described previously) to sign using a specific certificate.

Reference: Microsoft Office Support

Configuring Outlook 2016

  1. Choose the "File" tab in the Outlook menu bar

  2. Choose "Options"

    [Screenshot: Select Options]

  3. Choose "Trust Center"

  4. Choose the "Trust Center Settings..." button

    [Screenshot: Trust Center]

  5. Choose "E-mail Security"

  6. Click the "Settings..." button

    [Screenshot: Email Security, select settings]

    Security Settings

    You will need to define your default security settings before you can digitally sign or encrypt emails. You should see the following screen:

    [Screenshot]

    You can create several security settings and give each its own name. Each one defines the following:

    • Secure Message Format (type of e-mail)
    • Digital Signature Settings
    • Encryption Settings
    • Security Setting Preferences (setting defaults)

    The first step is to give your setting a name of your own choosing:

    [Screenshot]

    The "Digital Signature" settings allow you to choose the certificate you wish to use for signing your emails. If you click the "Choose..." button, you will be presented with an overview of your personal certificates:

    [Screenshot: ChooseCert.gif]

    You can view each certificate by first selecting it and then clicking the "Click here to view certificate properties" link. This opens a screen that gives an overview of the certificate:

    [Screenshot: CertDetails.gif]

    When you find the certificate you want to use, select it and click "OK".

    The certificate will now be added to both the "Signing Certificate" and "Encryption Certificate" boxes for this security setting.

    [Screenshot: SecuritySettingsFinish.gif]

  7. Click "OK" to save this Security Setting.


Using a Certificate with Outlook 2016

  1. The first step to securing your e-mail messages is to sign them using your digital certificate.

  2. Open a new email window. In the Permission section of the Options ribbon you will see two Mail Security icons. The first is the red signing icon; selecting it will sign your email with the chosen certificate. The second is the blue encrypting icon; selecting it will encrypt your email (note: you will need the public key of your recipient before you can encrypt your email).

    [Screenshot: NewEmail.gif]

  3. Your digital signature enables the recipient of your message to verify that you actually sent the message and that it was not altered along the route. Digitally signing your email will also give the recipient a copy of your public key, which will allow the recipient to send you encrypted emails in the future.

  4. When you digitally sign your message, it does not mean that no one can intercept or read your message. Digitally signing a message does not affect the contents of the message in any way or protect the message from being intercepted and read by someone other than the intended recipient.

  5. To ensure that only the recipient can read a message, you must also encrypt the message.

  6. If the recipient of your digitally signed message does not use an S/MIME-enabled e-mail client, they can still read your message. However, your digital signature appears as an "smime.p7s" attachment, and you will be unable to exchange encrypted messages with this person.

  7. If the recipient of your digitally signed message does use an S/MIME-enabled e-mail client, the message will appear with an icon indicating that it was digitally signed; in Outlook, for example, it appears with a ribbon.

    Status Icons

    The signed icon shows that the received message was signed:

    [Icon image]

    The untrusted signature icon shows that the received message was signed by a certificate issued by a CA that you do not yet trust (because you have not installed its root certificate or it has been revoked).

    [Icon image]

  8. You can set up Outlook to always digitally sign your messages each time you send, and you can configure your security settings (as described previously) to sign using a specific certificate.

Reference: Microsoft Office Support
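
Steps 4 to 6 of the "Using a Certificate with Outlook" sections above say that a signature does not hide the message and that a client without S/MIME support shows it as an "smime.p7s" attachment. The following added example (not part of the original document) uses Python's standard email module on two constructed messages to show what can be read without any key; the addresses, message text and placeholder base64 bodies are made up for illustration.

```python
from email import message_from_string, policy

# Constructed samples; the base64 bodies are placeholders, not real CMS data.
SIGNED = '''From: alice@example.edu
To: bob@example.edu
Subject: Budget
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

The budget meeting is at 3pm.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

UExBQ0VIT0xERVI=
--b1--
'''
ENCRYPTED = '''From: alice@example.edu
To: bob@example.edu
Subject: Budget
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
'''
SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
CMS = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
KINDS = {"enveloped-data": "encrypted", "signed-data": "opaque-signed"}

def classify(raw):
    """Return (kind, text readable without any key, signature filename)."""
    msg = message_from_string(raw, policy=policy.default)
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        # Clear-signed: the body is ordinary MIME next to a detached signature.
        parts = list(msg.walk())
        text = "".join(p.get_content() for p in parts
                       if p.get_content_type() == "text/plain")
        sig = next((p.get_filename() for p in parts
                    if p.get_content_type() in SIG), None)
        return ("clear-signed", text, sig)
    if ctype in CMS:
        # Only enveloped-data is encrypted; signed-data is wrapped, not hidden.
        return (KINDS.get(msg.get_param("smime-type"), "other-cms"), "", None)
    return ("unprotected", msg.get_content() if ctype == "text/plain" else "", None)
```

Calling classify(SIGNED) returns the body text in the clear together with the "smime.p7s" part name, while classify(ENCRYPTED) yields no readable text.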

Configuring Thunderbird

Note: If your toolbar is missing, press Alt to make it reappear, or press Alt+T to open the Tools menu.

  1. Open Thunderbird and select Tools | Account Settings | Security on the account you are modifying.

    [Screenshot: 1-Alt]

  2. Click on the Manage Certificates button ("View Certificates" in newer versions).

    [Screenshot: 2-UsingPKI]

  3. In the "Your Certificates" tab, click on Import. If you are unable to click on Import, see the "Alternative Directions" section below.

    [Screenshot: 3-UsingPKI]

  4. Browse to your certificate, select it, and click Open.

  5. Click OK. You should be back in the "Security" window.

  6. Under "Digital Signing" click Select.

  7. Choose your certificate and click OK.

  8. You will be prompted with a message asking you if you want to use this same certificate for encryption. Click OK if you do (recommended).

  9. Click OK and you should be back in Thunderbird.

Alternative Directions

Some Thunderbird users need to install a file before using a digital certificate. Technicians are looking into the problem, but have developed this workaround.

  1. Open Thunderbird and select Tools | Account Settings | Security.

    [Screenshot: 1-Alt]

  2. Click on the Manage Security Devices button.

    [Screenshot: 2-Alt]

  3. Click on NSS Internal PKCS#11 Module.

    [Screenshot: 3-Alt]

  4. Click Load and browse to the location of the file (the path is usually C:\WINDOWS\System32\eTpkcs11.dll). Select this file and click Open. Accept the default "Module filename." Click the remainder of the OK buttons.

    [Screenshot: 4-Alt]

  5. Under "Digital Signing" click Select. eToken users will be prompted for their password and then presented with a screen for selecting a certificate. Select the UW-Madison certificate and click OK.

  6. Continue with step 3 of the original instructions.

Unable to locate certificate

On occasion, Thunderbird is unable to find your certificate. If this happens, you should be able to export your certificate and import it directly into Thunderbird. You can follow these instructions to export your certificate: UW Digital ID (Personal Certificate) - Exporting My Certificate (Windows and Mac)


Using a Certificate with Thunderbird

To use your certificate, compose a message and go to the pull-down menu under "Security." This menu allows you to sign and/or encrypt individual messages.




Keywords: uw digital id certificate cert personal did uwdid sign email emails electronic signature thunderbird windows outlook office encrypt encryption 2016 2013 2010 encrypting signing microsoft
Doc ID: 69280
Owner: Charles C.
Group: UW Digital ID
Created: 2016-12-08 10:26 CST
Updated: 2017-08-10 08:20 CST
Sites: DoIT Help Desk, DoIT Tech Store, UW Digital ID