Setting up S/MIME encryption

Get your certificates and keys first.

OpenSSL install and command

You may at this point need to install openSSL. You can do this by opening an admin command prompt and running ‘choco install openSSL

Run Open SSL from a regular command prompt by just calling the exe file from the install location to confirm it’s working.

Copy all of the downloads from the certificate provider to c:\temp and then cd there.

Next run the command to create a pfx file using the certificates and keys provided by the certificate provider.

“C:\program files\openssl-win64\bin\openssl.exe” pkcs12 -inkey “certkey.pem” -in “cert.crt” -export -out username.pfx


Open Outlook and head to the trust center. Under Email security, select Import/Export

Find your pfx file, enter your export password and import it.

Click OK and OK again.

Under Email security, select “settings”

Enter a security settings name and choose the signing certificate.

Click OK.

The receiving user will need to send a signed email to the user your setting up but after that, you should now be able to encrypt emails with S/MIME.

Leave a Reply