This guide describes how to integrate a personal certificate for signing and encrypting emails in Microsoft Outlook for Windows. To do this, you need a certificate, which must be available as a .p12 file.
How do I request a personal certificate?

Please note the information on Email Encryption.

 

  1. Before you start with these instructions, please make sure that you have installed the certificate in the Windows certificate store.
    See the following FAQ article: Installing a certificate in the Windows certificate store

  2. Open the Outlook client. 

  3. Then go to "File" and afterwards to "Options" in the top menu.
     

    Explanatory screenshot to the previous description with a marker on "Options"
    Screenshot MS Outlook: File menu
  4. Now click on "Trust Center" and then on "Trust Center Settings".
     

    Explanatory screenshot to the previous description with a marker on "Trust Center Settings"
    Screenshot MS Outlook: Outlook Options
  5.  Choose then Email Security on the left handed menuebar.
    Check the boxes "Encrypt contents and attachments for outgoing messages", "Add digital signature to outgoing messages" and "Send clear text signed message when sending signed messages". You can adjust these settings as required when composing a message. Now click on "Settings".
     

    Explanatory screenshot of the previous description with marker on "Settings"
    Screenshot MS Outlook: Trust Center "Settings"
  6. Now enter the following text in ‘Name of security setting:’:
    ‘My S/MIME settings (firstname.surname@[mailbox.]tu-dresden.de)’
    Select the following two ckeck boxes, if you set up your personal email address
    ‘Default settings for this cryptographic message format’,
    Default security setting for all cryptographic messages’

    Then Choose the actual certificate with the "Choose"-Button within the area for "Signing Certificate". 
    Outlook uses the hash algorithm "SHA1" by default. Change this value to at least "SHA256". The encryption algorithm must be "AES (256-bit)".
    Repeat this for within the area of "Encryption Certificate". The encryption algorithm must be "AES (256-bit)".
    After all click on "OK" and dialogue before also with "OK"

    Explanatory screenshot of the previous description
    Screenshot MS Outlook: Change Security Setting
    Explanatory screenshot of the previous description
    Screenshot MS Outlook: Trust Center
  7. If you now write a new e-mail, it will be signed and encrypted by default. If the recipient does not have a certificate, you can deactivate the "Encrypt" and/or "Sign" settings under "Options" by clicking on the respective buttons and send the e-mail unencrypted.
     

    Explanatory screenshot to the previous description with a marker on the "Encrypt/Sign" buttons
    Screenshot MS Outlook: Write Message