Prerequisites
Active Exchange Email services, see Add Hosted Services.
Summary
S/MIME allows digitally signed and encrypted messages to be sent to and from Exchange mail servers. It secures email between sender and recipient by providing verification of identity and preventing message tampering. A digital security certificate must be purchased and installed before S/MIME can be configured. Please view Microsoft's list of recommended third-party companies that provide this service:
The email address in the purchased security certificate must match the email address hosted with ITSN for S/MIME to work properly. To verify the certificate is installed correctly, in Outlook go to:
Both the sender and recipient will need a certificate for S/MIME to function properly.
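The match between the certificate and the mailbox address described above can also be checked from PowerShell on the workstation where the certificate was installed. This is an added example, not part of the original article or of ITSN's tooling; the function name `Get-SmimeCertificateStatus` and the address `user@example.com` are placeholders chosen for illustration.

```powershell
# Added example: report whether certificates in the current user's Personal
# store are usable for S/MIME with a given mailbox address.
function Get-SmimeCertificateStatus {
    param([Parameter(Mandatory = $true)] [string] $EmailAddress)

    $secureEmailOid = '1.3.6.1.5.5.7.3.4'   # "Secure Email" enhanced key usage
    $now = Get-Date

    foreach ($cert in Get-ChildItem -Path Cert:\CurrentUser\My) {
        # First address found in the SAN (rfc822Name) or the subject's E= field.
        $certEmail = $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::EmailName, $false)

        # No EKU extension means the certificate is not restricted by purpose.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $ekuOids = @($eku | ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
        $ekuOk = (-not $eku) -or ($ekuOids -contains $secureEmailOid)

        # No key usage extension means signing and encryption are both allowed.
        $ku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
        $canSign = $true; $canEncrypt = $true
        if ($ku) {
            $flags = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
            $canSign    = [bool]($ku.KeyUsages -band $flags::DigitalSignature)
            # RSA keys use KeyEncipherment; elliptic-curve keys use KeyAgreement.
            $canEncrypt = [bool]($ku.KeyUsages -band ($flags::KeyEncipherment -bor $flags::KeyAgreement))
        }

        [pscustomobject]@{
            Thumbprint     = $cert.Thumbprint
            CertEmail      = $certEmail
            EmailMatches   = ($certEmail -eq $EmailAddress)   # case-insensitive
            HasPrivateKey  = $cert.HasPrivateKey              # needed to sign and decrypt
            WithinValidity = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
            SecureEmailEku = $ekuOk
            CanSign        = $canSign
            CanEncrypt     = $canEncrypt
        }
    }
}

# Placeholder address; replace with the mailbox the certificate was bought for.
Get-SmimeCertificateStatus -EmailAddress 'user@example.com' | Format-Table -AutoSize
```

A certificate is ready for the steps below when every column in its row is True. Only the first email address in a certificate is compared, so a certificate that lists several addresses may need to be inspected by hand.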
1. Both parties will need to send a signed email to enable the other to decrypt their encrypted emails. To do this in Outlook, open a new email message, then:
2. Click the Security Settings box.
3. In the security properties window select both:
Then click OK.
4. Send out an email to the other party that will be included in the encrypted communication. After the recipient receives the email, the message will need to be opened. Then, in the From field, right-click on the sender's name and select Add to Outlook Contacts.
5. In the Contact section the certificate and the contact will be displayed. Verify the certificate, then click Save & Close.
6. Encrypted email transmission is now enabled between the two parties. To enable an encrypted email, click on the Sign (envelope & ribbon) and Encrypt (envelope & lock) icons located in the Options section.
Outlook Web Access (OWA) Integration
1. The next step in email security is to connect the digital certificate to Outlook Web Access. Just as in Outlook, OWA must have a certificate installed to enable signed and encrypted emails. This can be accomplished by publishing the certificate to the organization's Global Address List (GAL). To do so in the respective Outlook programs:
From within email security, click the Publish To GAL... button.
2. Click OK to confirm and allow Outlook to publish the certificate to the GAL.
3. Shortly thereafter a notification window will appear confirming a successful publication; click OK. With the certificate published, it will now be necessary to access webmail and enable the certificate there.
4. In a web browser, navigate to the Outlook Web Access portal (webmail.myhostedservice.com) and log in using the full email address and password.
5. On the top right of the screen, below the mailbox name, locate and click on Options. This will redirect the browser to the OWA options screen.
6. The left side of the screen will feature a column with the various OWA option categories. Click on the last category listed, Settings. Next, click on the lock icon entitled S/MIME. In the center of the screen will be a clickable link; click Download the S/MIME control.
7. Internet Explorer will display a warning window asking to run or save owasmime.msi from ex2010.myhostedservice.com; click Run.
8. After the download completes, User Account Control (UAC) will ask for permission to run the S/MIME download. Click Yes.
9. Back in OWA the browser will prompt to run the add-on, MIME Edit binary behaviour; click Allow.
10. Click again on the S/MIME icon. Options will now be available to enable S/MIME in OWA, click the following options:
Once the options have been enabled, click Save.
11. A new email will now have to be created to enable the final few extensions. In the top right of the browser, click on My Mail to return to the inbox.
12. Click on the New email icon.
13. Before the new email will load, a notification will once again appear asking to run MIME Edit binary behaviour; click Allow.
14. The new email will display two highlighted icons: an envelope with a ribbon and an envelope with a lock. Respectively, the two icons allow for digital identity (certificate) and message encryption.