ARCHIVED: About email encryption using S/MIME client certificates at IU
Due to enhanced security features in Exchange Online, digital signatures are no longer required at IU; however, digital signatures will continue to work as expected if you wish to continue using them.
At Indiana University, S/MIME client certificates are most commonly used to digitally sign email messages; see ARCHIVED: Use an S/MIME client certificate to secure your email messages with a digital signature. Client certificates also can be used to send and receive encrypted email messages within the IU Exchange system, as described below. To encrypt email sent to recipients outside the IU Exchange system, see About Office Message Encryption (OME).
Each S/MIME client certificate includes two items, known as a public key and a private key. To send encrypted mail, you need your private key and the recipient's public key. To read encrypted mail, you need your private key and the sender's public key.
If you want to allow other IU Exchange users to send you encrypted email, you can publish your client certificate to the Global Address List (GAL). To do so, you need to use Outlook for Windows (available through IUanyWare if you do not have it installed). Also, when your client certificate expires, you'll need to republish the new one.
The following instructions assume that you have already received and installed (or renewed and installed) your client certificate. If not, follow the appropriate instructions linked from ARCHIVED: Use an S/MIME client certificate to secure your email messages with a digital signature.
- From Outlook's tab, click . Select , click , and then click .
- To publish your client certificate to the GAL, click Publish to GAL.
  Note: You may not see the "Publish to GAL" button if you have multiple Exchange accounts added to your Outlook profile. If the button is missing, create another Outlook profile containing the single Exchange account for which you're publishing the certificate, and then retry these instructions.
- You will see a dialog box that says "Microsoft Outlook is about to publish your default security certificates to the Global Address List"; click .
You will see a dialog box that confirms "Your certificates were published successfully".
You should always keep backups of your client certificates. If you lose your certificate, you will not be able to read mail that was encrypted with that certificate. To read messages encrypted with an older certificate, you need the older certificate.
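One way to act on the backup and expiration advice above on a Windows computer, as an added example (not part of the original document and not IU's or Microsoft's own script): it lists every certificate with a private key and the Secure Email usage, including expired ones, and exports each to a password-protected PFX file. It assumes the certificates are in the CurrentUser\My store; `$BackupDir` and `$WarnDays` are hypothetical values chosen for illustration.

```powershell
# Added example. Assumptions: S/MIME certificates are in the CurrentUser\My store;
# $BackupDir is a hypothetical destination and $WarnDays a hypothetical threshold.
$BackupDir   = Join-Path $env:USERPROFILE 'smime-backup'
$SecureEmail = '1.3.6.1.5.5.7.3.4'   # EKU OID for Secure Email (emailProtection)
$WarnDays    = 30

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
$password = Read-Host -AsSecureString -Prompt 'Password to protect the PFX files'

# Expired certificates are kept on purpose: they are still needed to read older mail.
# Certificates with no EKU extension at all are not matched by this filter.
$certs = Get-ChildItem Cert:\CurrentUser\My | Where-Object {
    $_.HasPrivateKey -and ($_.EnhancedKeyUsageList.ObjectId -contains $SecureEmail)
}

foreach ($cert in $certs) {
    $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
    if ($daysLeft -lt 0) {
        $status = 'expired: keep for older mail'
    } elseif ($daysLeft -le $WarnDays) {
        $status = 'expiring: renew, then republish to the GAL'
    } else {
        $status = 'valid'
    }

    $pfx = Join-Path $BackupDir ('{0}_{1:yyyyMMdd}.pfx' -f $cert.Thumbprint, $cert.NotAfter)
    try {
        Export-PfxCertificate -Cert $cert -FilePath $pfx -Password $password -ErrorAction Stop | Out-Null
        $backup = $pfx
    } catch {
        # Typical cause: the private key was installed as non-exportable.
        $backup = "NOT BACKED UP: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Status     = $status
        Backup     = $backup
    }
}
```

The exported PFX files contain your private keys, so store them somewhere protected and separate from the computer they came from.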
This is document alhi in the Knowledge Base.
Last modified on 2023-05-18 10:28:35.