This article will cover using the Certificate Authority to encrypt and sign email using S/MIME. S/MIME (Secure/Multipurpose Internet Mail Extensions) is the standard for public key encryption and signing of email. Now you can encrypt email so that no one but the recipient can read them and sign them so that people will know who they came from (called non repudiation). Let’s take a look at encryption first.
1. Open Outlook. Go to Tools-Options and click the Security tab.
2. Press the Settings button.
Click here to see secure email options.
3. Look for a "My S/MIME Settings (your e-mail)" title in the drop down.
Click here to see S/MIME settings.
4. Ensure S/MIME is selected as the Cryptography Format. Ensure the Digital Certificate we have from our CA is present. If not, click Choose and go looking for it.
5. Same thing for the Encryption Certificate section. Ensure the Digital Certificate we are using is present. If not, click Choose and go looking for it.
6. Check Send these certificates with signed messages. Click Ok twice.
That’s all there is to sending messages with encryption. Keep in mind this is fine for a small business but becomes very complicated very quickly when you start adding more users. The second component to this is signing a message. Signing lets the recipient know that you are the one who has issued the email, as long as they trust the certificate authority it was signed by. Here is how to set it up...you’ve already done the legwork.
Type a message and then click the Add a digital Signature to this message icon. It looks like a small envelope with a ribbon beside it.
All Done - Next Steps
That’s all you have to do. The recipient will be able to open your message and know that it is from you and hasn’t been altered in transit. These two steps make it simple and affordable for a small office to send encrypted email back and forth internally. If you want to invest in full fledged email encryption there are a number of third party vendors out there which do a much better job. Learn how to issue SSL certificates for IIS.
