Configure Outlook (to sign automatically)
You can configure Outlook to send digitally signed and/or encrypted e-mails. Old certificates can also be replaced with new certificates.
|These instructions were created using Outlook 2016 on Windows 10 (Latest update 23.04.2020).|
You should install your user (S/MIME or X.509) certificate in the certificate store of your Windows system before you begin the configuration of Outlook.
If you have used a browser other than the Internet Explorer when applying for the certificate, you should first export your user certificate and the RSA keypair into a .p12 file and then import this into your Windows certificate store.
If you do not own a certificate, you can apply for one at the DFN-PKI website. For more information please visit "Applying for User Certificate".
Configure Outlook to digitally sign outgoing e-mails
Replace an old certificate with a new certificate (Optional)
If Outlook is already configured to use a certificate, you can replace it with a new certificate (e.g. if the old certificate is expiring).
The new certificate must have been imported into the Windows certificate store.
By selecting "Choose" you can respectively choose the new certificate as your signing certificate and encryption certificate.
Choose stronger signature and encryption algorithms
If you want to add a user certificate for another mail address, you can di it using the button "New" ("Neu").
By clicking this button you empty all the fields and can add a new security setting.
Send a digitally signed e-mail (optional)
Verify the digital signature on a signed e-mail
Click on the signature icon.
Note: a digital signature is not the footer Outlook allows you to append at the end of each e-mail (e.g. Name, Department, Address, Phone, etc).
A digitally signed e-mail (and the corresponding digital signature) is based on cryptographic algorithms and allows the recipient of your e-mail to:
If you click on "Details" you get to see more crypto stuff, e.g. message hash value.
We choose to stay under "Allgemein" and have a closer look at the sender's user certificate.
This is the certificate chain:
For more information: