Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2017-05-30 15:04:16.0

How do I install my Secure E-mail (S/MIME) Certificate on Microsoft Outlook 2016?

Article Number: 70593

User-added image

Purpose: Secure Email (S/MIME) certificate installation guide
For Secure Email (S/MIME) certificate on Outlook 2016 on Windows OS

User-added image

There's a video for this guide. Watch the video here.

The installation is in four parts:
1) Installing the S/MIME certificate in the personal certificate store
2) Updating Security Settings to link the S/MIME certificate to Outlook profile 
3) Signing and encrypting messages
4) Storing a contact's secure email certificate (S/MIME exchange)

Part 1 of 4: Installing the S/MIME certificate in the personal certificate store

1. After your ECS Enterprise account administrator has approved the enterprise S/MIME request, or after you have placed your personal S/MIME order, you will be sent an email at the address listed on your request. Select that link.

2. Accept the Client Certificate Agreement that is presented in the browser that opens when you select the certificate pick-up link.

User-added image

3. Once you have confirmed you can download the certificate, you are prompted with the below "Web Access Confirmation" pop-up. Select "Yes". The prompt is asking you to allow Entrust Datacard to perform digital certificate operations on your behalf, which is required to allow in order to complete the next steps.

User-added image

4. Your browser will prompt you to download (open or save) a .p12 file. Open the file.

User-added image

5. A Certificate Import Wizard will open. On the first prompt, select "Current User" and then Next.

User-added image

6. Confirm you wish to import the .p12 file from the location shown by selecting Next.

User-added image

7. When you requested the certificate, you were prompted to set up a password to protect the private key. Provide that password here. Also, select "Mark key as exportable..." in case you need to export your certificate in the future.

User-added image

8. Select the option "Automatically select the certificate store based on the type of certificate".

User-added image

9. Complete the Wizard by selecting Finish.

User-added image

10. You certificate has been successfully imported to the personal certificate store.

User-added image
Part 2 of 4: Updating Security Settings to link the S/MIME certificate to Outlook profile

1. Launch Outlook 2016.

2. Select: File | Options

3. Select: Trust Center | Trust Center Settings

User-added image

4. Select: E-mail Security.

5. Click on the settings button.

User-added image

5. Click on the Settings and enter the below settings:
Security Setting Name:  Give the security setting a name. This is just a label.
Cryptographic Format: S/MIME should be selected.
Signing Certificate: Select your secure email certificate – click CHOOSE and select your certificate from the list.
Encryption Certificate: Select your secure email certificate – click CHOOSE and select your certificate from the list.

User-added image

6. Click OK. 

Part 3 of 4: Signing and Encrypting Messages

Now that you have your secure email certificate installed, you can Sign and Encrypt email messages.

User-added image

To Sign an Email Message, simply click the Sign button that now appears on a Compose Message email dialogue under the Options tab. There is no other setup required.

User-added image

When users receive your email, they will see a message that the email has been digitally signed.

However, note to exchange secure emails with someone, there are some additional steps required.

Part 4 of 4: Storing a contact's secure email certificate (S/MIME exchange)

To Encrypt an email Message, you will need to provide your public key to the party you wish to encrypt for, and vice versa.

The recommended way to do this exchange is to send the other party a Signed email to exchange keys

1. Open a new message to send to the contact with whom you wish to exchange public keys. Ensure the message is digitally signed (but not encryptedand hit send. You will be prompted to Allow for your public key to be sent upon sending the email. Select Allow.

User-added image

2. You will need a copy of the recipient's public key to exchange Encrypted email. Have them send you a digitally signed email. After receiving the digitally signed email containing a copy of the other person's public key, Outlook will store the public key. Upon opening the email you will be prompted again. Select Allow to obtain a copy of the public key being sent to you.

User-added image

3. You can make sure the recipients 's certificate and public key have been stored by clicking on Certificates in their contact profile. Add the contact by opening their email, right-clicking on their name and selecting "Add to Outlook Contacts".

4. Click Save and Close.
User-added imageYou can now exchange encrypted emails with that user.
If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance: 

Hours of Operation: 
Sunday 8:00 PM ET to Friday 8:00 PM ET 
North America (toll free): 1-866-267-9297 
Outside North America: 1-613-270-2680 (or see the list below) 
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
Australia0011 - 800-3687-7863
Austria00 - 800-3687-7863
Belgium00 - 800-3687-7863
Denmark00 - 800-3687-7863
Finland990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France00 - 800-3687-7863
Germany00 - 800-3687-7863
Hong Kong001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland00 - 800-3687-7863
Israel014 - 800-3687-7863
Italy00 - 800-3687-7863
Japan001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia00 - 800-3687-7863
Netherlands00 - 800-3687-7863
New Zealand00 - 800-3687-7863
Norway00 - 800-3687-7863
Singapore001 - 800-3687-7863
Spain00 - 800-3687-7863
Sweden00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland00 - 800-3687-7863
Taiwan00 - 800-3687-7863
United Kingdom00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088

Affected Products:

  • Entrust Authority Key Release Server 7.0 English Windows