How-toImport a S/MIME certificate in Outlook

This how-to explains how employees of the university can use an S/MIME certificate to sign or encrypt emails in Outlook installed on their workstation. This how-to is not applicable to Outlook on the web, Outlook.com or Office 356.

1. To import the user certificate into the Windows certificate store - including Outlook - please double-click the certificate file in Windows Explorer (with the ending .p12). This will start the certificate import wizard.

Import certificate

2. Select "Current User" and click "Next". In the following dialog box, which will show the file to be imported, click "Next again.

Screenshot des Outlook Programms

3. Enter your password for the certificate file and mark the key as exportable. Then click "Next".

Screenshot von outlook

4. Make sure that “Automatically select the certificate store based on the type of certificate” has been selected and click "Next".

5. A final overview will be displayed, which you can close by clicking "Finish".

6. A dialog box will confirm that the import was successful. The certificate, including the private key, has been saved in the Windows certificate store and can now be used, e.g., in Microsoft Outlook. Click "OK".

If you are prompted to insert a smart card at this point instead of receiving a success message, please cancel the import and start again at step 1. This time, enter “Save all certificates in the following storage” in step 4, click on "Browse...", select "My certificates", then click on "OK" and then back in the certificate import wizard on "Next". You can then follow the instructions again from step 5.

Screenshot des Outlook Programms

Integrate certificate into Outlook

7. Open Outlook and click on "File" in the upper left. Select "Options" from the menu on the left and the following window will open.

8. Select "Trust Center" on the left and then click "Trust Center Settings..." on the right.

Screenshot des Outlook Programms

9. Click "Email Security" on the left and then "Settings..." in the window that opens on the right.

Screenshot des Outlook Programms

10. In the drop-down menu under Security Settings Name, select your email address. Change the hash algorithm from the less secure SHA1 to SHA256 and close the window with "OK".

Screenshot des Outlook Programms

11. Make sure that the options "Add digital signatures to outgoing messages" and "Send clear text signed message when sending signed messages" have been selected. Close the Settings for the Trust Center and the Outlook options window by clicking "OK".

Screenshot des Outlook Programms

Sign emails

12. In the window for composing a new email, you can now see that the email will be signed. This option can be switched on or off by clicking on Sign. A dark gray background indicates that it is activated.

Screenshot des Outlook Programms