S/MIME provides cryptographic security services for email including authentication, message integrity and data security. S/MIME can be used to digitally sign and encrypt messages sent between your Exchange users.

In order for you to be able to utilize S/MIME, here is what you will need to do:

  1. Obtain individual user email certificates from a public CA like Thawte, VeriSign or Geotrust. You may also use your internal CA (please be aware of all the issues associated with using internal CAs). Make sure that you have both public and private keys (i.e. Encrypted PFX files).
  2. Install certificates on users’ workstations.
  3. Ask users to log in to their Exchange mailboxes using Outlook, import the certificate PFX file, and configure security settings.

Configure S/MIME in Outlook

  1. Configure Email Security setting in Outlook
    • Outlook 2007: Tools > Trust Center > Email Security>OK

    • Outlook 2010/2013/2016:
      1. File tab > Options
      2.  Trust Center > Trust Center Settings > Email Security>OK

  2. Then make the certificate apply to other users within the Exchange account by publishing the certificate information in the Global Address List:
    • Outlook 2007: Tools > Trust Center > Email Security > Publish to GAL> OK

    • Outlook 2010/2013/2016: File tab > Options > Trust Center > Trust Center Settings > Email Security > Publish to GAL>OK

Once this is done, you will see additional Sign and Encrypt buttons in new messages in Outlook, allowing you to sign and encrypt messages.

Configure S/MIME in OWA

To start using S/MIME in OWA, you should go to:

    • OWA 2007: Options > Email Security

    • OWA 2010: Options > See all options > Settings > S/MIME

    • OWA 2013: Settings button > S/MIME Settings

    • OWA 2016: Options > Mail > S/MIME

Important: S/MIME options are available only in Internet Explorer.

Then install the necessary controls. This will make the Sign and Encrypt buttons available on all new messages.

Please note that we do not provide additional support or troubleshooting for S/MIME configuration.