Child pages
  • Email Encryption and Signing with Outlook
Skip to end of metadata
Go to start of metadata

This page provides a quick reference for setting up email encryption and digital signing with the IU Exchange email system using the Outlook mail program.  For additional information, see the KB page Sensitive Data Policies and Email Encryption.

  1. Create what is called an S/MIME certificate as follows:
    1. Go to the InCommon Certificate Enroll Page
    2. Fill out the form noting that 1) the access code is "clientcertsatiu", 2) your email address should be your primary IU email (eg. or, and 3) the passphrase is used to manage your certificate but should NOT be your normal IU passphrase.
    3. Click 'Enroll'
    4. You will receive a validation email and will need to click the link in this email
    5. On the web form, for the 'PIN' enter a strong passphrase but note it should not be the same as your IU passphrase or the passphrase you used above.  You will need this PIN in order to install your certificate in Outlook in the following section.
    6. Click 'Validate' but do NOT close your browser
    7. Click 'Download' to download your certificate which will either be a .p12 or .pfx file.  You need to keep this file in a secure place and on the standard SoIC Windows systems with the mapped F: drive we recommend you save it in a folder named "Email Certificate" in this mapped F: drive.  If you are faculty or staff with space on the Apollo file server but don't have the standard F: drive mapping, you an store it at \\\users$\USERNAME\Email Certificate\

  2. Add your new certificate to Windows as follows:
    1. Locate the certificate file you created above.
    2. Right click on the file and select 'Install PFX' or just click on it
    3. Click 'Next' until you are prompted for your PIN which is the passphrase from step 1e above.
    4. Click 'Next' and 'Finish' to complete the import process

  3. Set up Outlook to use your certificate as follows:
    1. Open Outlook
    2. From the File tab select Options > Trust Center > Trust Center Settings > Email Security > Settings...
    3. The 'Security Settings Name' should already be set to something like 'My S/MIME Settings (' so leave it as is.
    4. Click 'Choose...' next to 'Signing Certificate' and you should see your certificate so just click OK.
    5. Click 'Choose...' next to 'Encrypting Certificate' and you should see your certificate so just click OK.
    6. Click 'OK'
    7. If you want to digitally sign (NOT encrypt) all email (which is recommended) check 'Add digital signature to outgoing messages'
    8. Click 'Publish to GAL' and 'OK' twice to upload your certificate.
    9. Click 'OK' twice to finish

Once this is done, you can choose to encrypt messages from the Outlook Options tab while composing the message.  If you elected to sign all outgoing messages above, your messages will automatically be signed so others can verify their authenticity.  If you didn't chose this option, you can manually sign messages from the same Options tab when composing.


  • No labels