Once properly configured, S/MIME email signing and encryption is an easy, automated way to secure your sensitive email communications. It is the best way to ensure the integrity and confidentiality of sensitive emails with your business partners. However, it can be extremely frustrating because the sender not only needs their own certificates properly installed on each mail client they use, but must also have the each recipient's S/MIME certificates to send securely to them.
Without a gateway-level solution like the SecureMail Gateway
from GlobalCerts, you will not only have to load your S/MIME certificates onto every device used to send email, but also import all 3rd party certificates you of any recipients with which you want to send S/MIME email. This can quickly become a very time-consuming task even if you only have just a few partners to use and a couple devices. This guide will walk you through the process of importing an SMG user's S/MIME certificates after you have received an S/MIME signed or encrypted email from them.
Trusting and Importing the SMG User's Certificates
If you have received an S/MIME signed or encrypted email from a GlobalCerts customer, here are the steps you need to perform on your computer to import their signing and encryption certificates:
1) Locate the signed email in your inbox and open it.
2) Click on the certificate warning icon on the right hand side of the header:
3) Trust and install the certificate authority (it should be named 'GlobalCerts Root CA' if using our default issued certificates). The fingerprint should be f1a99926ca02a23700ae0d3345fbfa6cd3afb2f6:
4) Now when you reload the signed email, it will show a red ribbon icon indicating the message signature is valid and trusted. You can click on the ribbon to view the details:
5)You can now reply to this signed email using S/MIME encryption. Outlook will automatically utilize the SMG user's public key to encrypt the email with S/MIME. This will also add/import the user's S/MIME certificates to your local computer, usually under the 'Certificates - Current User' -> 'Other People' certificate store. However, you will not be able to compose a new S/MIME email to this user until you 'import' their public encryption certificate into their Outlook Contact.
Now that you have the certificates of the SMG user in your computer's certificate store, you can 'export' them to a file and associate them to their Outlook contact. This will allow you to compose a NEW S/MIME encrypted email to the user, rather than needing to reply to one that is signed.
1) Open the 'certmgr' program under the Control Panel -> User Accounts -> Manage User Certificates
2) Find the certificates for the user under the 'Other People' -> 'Certificates' section in the left menu.
Locating Certificates in CertMgr
3) There will be 2 certificates, a signing and encryption certificate. For each, right click and choose 'All Tasks...' -> 'Export'. Export to a .P7B file including the certificate chain:
4) Choose a filename and location to save the file and finish the export wizard.
Now you can 'import' the p7b file to the Outlook contact for later use.
Now that you have the SMG user certificates exported to your computer, you can import them to the Outlook contact so that they can be used to compose new messages to the user in the future.
1) Right click on the email address, and click 'edit Contact' option (or create a new contact if not already saved).
2) Click on the 'Certificates' option in the top ribbon, and click 'Import...' on the right hand side:
3) Browse and Select the file you exported, and click OK.
4) Don't forget to click Save&Close button at the top left:
Now you should be able to compose a NEW email in Outlook to this user and use S/MIME encryption to send to them!
All S/MIME certificates, including ones issued by GlobalCerts, only have a limited validity period. (usually 1 year). Once the certificate expires you will no longer be able to use it and must import the user's new S/MIME certificate.
Importing an SMG user's S/MIME certificate(s) into your Outlook client can be a somewhat involved process. Keep in mind that in most cases it is not absolutely necessary, and the only thing you may need to do to send S/MIME email to them is explicitly trust the Certificate Authority of the user's certificate (see Trusting and Importing an SMG User's Certificates above)
With a gateway-level solution like the GlobalCerts SecureMail Gateway
, all of these steps are done automatically. External certificates are automatically harvested and can immediately be used by all senders in your organization. Furthermore, there is no need to perform these steps on each device; you can even use mobile devices and web clients that normally don't support S/MIME. For more information on the benefits of using a secure email solution, please contact GlobalCerts Sales