Digitally Sign & Encrypt Email Using S/MIME


Active Exchange Email services, see Add Hosted Services.


This article will list additional consideration when migrating to hosted exchange servers.


S/MIME allows digitally signed and encrypted messages to be sent to and from Exchange mail servers. It provides secure email between sender and recipient providing verification of identity, and message tampering prevention. A digital security certificate must be purchased and the certificate installed before S/MIME can be configured. Please view Microsoft's list of recommend third party companies that provide this service:

The security certificate purchased must match that of the email address hosted with ITSN to work properly. To verify the certificate is installed correctly, in Outlook go to:

Outlook 2010: File > Options > Trust Center > Trust Center Settings > Email Security.

Outlook 2007: Tools > Trust Center > Email Security

Both the sender and recipient will need a certificate for S/MIME to function properly.


1. Both parties will need to send a signed email to enable the other to decrypt their encrypted emails. To do this in Outlook open a new email message then:

Outlook 2010: Options > More Options > Click the small box in the corner.

Outlook 2007: Options> then click on the envelope and bell icon.


2. Click the Security Settings box.


3. In the security properties window select both:

  • Add digital signature to this message
  • Send this message as clear text signed.

Then click OK.


4. Send out an email to the other party that will be included in the encrypted communication. After the recipient receives the email, the message will need to be opened. Then in the From field right click on the senders name and select Add to Outlook Contacts.


5. In the Contact section the certificate and the contact will be displayed. Verify the certificate, then click Save & Close.


6. Encrypted email transmission is now enabled between the two parties. To enable an encrypted click on the Sign (envelope & ribbon), and Encrypt (envelope & lock) icons located in the Options section.


Outlook Web Access (OWA) Integration

1. The next step in email security would be to connect the digital certificate to Outlook Web Access. Just as in Outlook, OWA must have a certificate installed to enable signed and encrypted emails. This can be accomplished by publishing the certificate to the organizations Global Address List (GAL). To do so in the respective Outlook programs:

Outlook 2010: File > Options > Trust Center > Trust Center Settings > Email Security.

Outlook 2007: Tools > Trust Center > Email Security

From within email security, click the Publish To GAL... button


2. Click OK to confirm and allow Outlook to publish the certificate to the GAL.


3. Shortly thereafter a notification window will appear confirming a successful publication, click OK. With the certificate published it will now be necessary to access webmail and enable the certificate there.


4. In a web browser navigate to the Outlook Web Access portal (, and login using the full email address and password.


5. On the top right of the screen below the mailbox name, locate, and click on Options. This will redirect the browser to the OWA options screen


6. The left side of screen will feature a column with the various OWA option categories. Click on the last category listed, Settings. Next click on the lock icon entitled S/MIME. In the center of the screen will be a click able link, click Download the S/MIME control.


7. Internet explorer will display a warning window asking to run or save owasmime.msi from, click Run.


8. After the download completes, User Access Control (UAC) will ask for permission to run the S/MIME download. Click Yes.


9. Back in OWA the browser will prompt to run the add-on, MIME Edit binary behaviour, click Allow.


10. Click again on the S/MIME icon. Options will now be available to enable S/MIME in OWA, click the following options:

  • Encrypt contents and attachment of all messages I send
  • Add a digital signature to all messages I send

Once the options have been enabled click Save.


11. A new email will now have to be created to enable the final few extensions. In the top right of the browser click on My Mail to return to the inbox.


12. Click on the New email icon.


13. Before the new email will load, a notification will once again appear asking to run MIME Edit binary behaviour, click Allow.


14. The new email will display two icons highlighted, an envelope with a Ribbon, and one with a lock. Respectively the two icons allow for digital identity (certificate), and message encryption.



Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


  • 0
    Sean Williams

    Thanks to the growing Louis Vuitton Replica acquaintance of the ill-effects of counterfeiting, a lot of bodies can calmly atom a replica Gucci. If the accuracy you went in for a Gucci replica is to actualize an impression, afresh you will abort miserably.You'll accretion acceptable sites about that advertise 18-carat Gucci handbags for a arrangement aggregate of retail prices.If you cannot get in blow with anyone afore purchasing on the webpage it may be a red rag also. Allocation of the business web website accouterment chump satisfaction. The cabability to achieve a affluence cancellation about befitting the affluence tags about the bag is Chanel Replica Handbags a simple adjustment to achieve assertive authenticity. Added and added bodies are acquainted that counterfeiting is a annihilative beforehand gnawing abroad at the economy. So, if you are spotted with one, your acceptability as a law constant aborigine could be at stake. If money is a concern, you can either save and beefy for an age-old Gucci bag or buy a acceptable aloft bag aural your annual from a acclimatized trader. You do realise the diplomacy affected Gucci Replica Handbags is actionable don't you? In some cities diplomacy is actionable too.

  • 0

    The commercial center, radiance in client management. China Post Tracking As you will need it for the logging procedure. 

  • 0

    Create brand-new account this sarahah app or apk was launched Sarahah Snapchat This application is excellent to make use of for self-development.

Please sign in to leave a comment.