Disable your client certificate

On this page:

Overview

Note:

To view all the content available to you here, use the green Log in button at the top of this page to log into the Knowledge Base.

Due to enhanced security features in Exchange Online, you should no longer use digital signatures at IU. Follow the appropriate instructions below to remove your certificates.

Disable your client certificate

Outlook for Windows

  1. Open Outlook. From the File tab, choose Options, then Trust Center, and then Trust Center Settings....
  2. Select Email Security.
  3. Uncheck Add digital signature to outgoing messages.
  4. Next to "Default Setting", select the Settings... button. In the "Security Settings Name" drop-down, select a listing and then choose Delete. Repeat until the "Security Settings Name" drop-down is empty and Delete is disabled.
  5. Select OK twice.

Outlook on the web

S/MIME is not automatically set up for browsers, and requires specific browsers and a special plug-in to work. Most people did not set this up, but even if you did, it is inert unless activated by the mail client once loaded in the browser. For these reasons, no action is usually necessary for removing S/MIME in a browser. You can, however, check the following:

  1. Open Edge, and log into Outlook on the web.
  2. Select the Settings icon (looks like a gear) in the upper right, and then choose View all Outlook settings.
  3. Select Mail on the left, and then choose S/MIME.
  4. In the "S/MIME" window, uncheck Add a digital signature to all messages I send. Select Save.

iOS devices

UITS suggests checking both these options:

Option 1

  1. Access your account settings:
    • iOS 14: Go to Settings > Mail > Accounts.
    • iOS 12 and 13: Go to Settings > Password & Accounts.
    • iOS 11: Go to Settings > Accounts & Passwords.
    • Earlier versions: Go to Settings > Mail > Accounts.
  2. Select the email account associated with your certificate.
  3. Tap the Account button with your IU email address.
  4. On the "Account" screen, tap Advanced Settings.
  5. Tap Sign, and then slide "Sign" to the off position.
  6. On the "Sign" page, tap Back to go back to the "Advanced Settings" page.
  7. On the "Advanced Settings" page, tap Account to go back to the "Account" page.
  8. Tap Done to apply the settings.

Option 2

  1. Access your profile settings:
    • iOS 16: Go to Settings > General > VPN & Device Management.
    • Earlier versions: Go to Settings > General > Profiles & Device Management.
  2. Select the profile associated with your certificate.
  3. Tap Remove Profile, and enter your passcode.
  4. Tap Remove.

Apple Mail

  1. Open Mail.
  2. Begin composing an email message. Select the "Signed" icon (The 'Signed' icon indicates your message will be digitally signed.) in the lower right of the message header to no longer digitally sign email.

Outlook for macOS

  1. From the Outlook menu, select Preferences > Accounts, and then select your IU email account. If you are using the classic Outlook interface, choose Advanced, and then select the Security tab. If you are using the new Outlook interface, select Security.
  2. In the "Digital signing" section, select your client certificate from the drop-down menu.
  3. Uncheck Sign outgoing messages.
  4. Uncheck Send digitally signed messages as clear text.
  5. Uncheck Include my certificates in signed messages.
  6. Select OK to save your changes and exit Outlook Preferences.

Android devices

Option 1

  1. In your email app, tap the Menu (usually three bars on the top left).
  2. Choose Settings (the cog wheel).
  3. Select your email account.
  4. Scroll down and tap Security options.
  5. Unselect Sign all outgoing messages.
  6. Tap Done, and use your back arrow to get back to your Inbox.

Option 2

  1. Access the "Security settings" screen for your account:
    1. On your device, open Settings, select Accounts, and then select the icon for the email app that's associated with your IU Exchange account.
    2. Select Account settings, and then select your IU Exchange account (which should be displayed below "General settings").
    3. Scroll down to the "Server settings" section, and then select Security settings.
  2. On the "Security settings" screen, under "Digital signature settings", uncheck Default digital signature to no longer digitally sign email.

Option 3

  1. Go to "Security settings" for your account. To do so:
    1. On your device, select Settings, then choose Security & lock screen, and then select Encryption & credentials.
    2. Select User credentials.
  2. In "User credentials", select the S/MIME certificate.
  3. Select Uninstall.

Owl for Exchange add-on in Thunderbird

  1. In Thunderbird for Windows or macOS, select Tools, and then choose Account Settings. In Thunderbird for Linux, select Edit, and then choose Account Settings.
  2. At the bottom right, select Manage Identities.
  3. Select your account, and then choose Edit.
  4. Select End-To-End Encryption, and then, under "S/MIME" (beside "Personal certificate for digital signing", choose Select.
  5. If your imported S/MIME client certificate is not already selected, choose it from the drop-down at the top, and then select OK.
  6. When you see the following prompt, select Yes:

    You should also specify a certificate for other people to use when they send you encrypted messages. Do you want to use the same certificate to encrypt & decrypt messages sent to you?

  7. Under "Default settings for sending messages", uncheck Add my digital signature by default.
  8. Select OK, then Close, and then close Account Settings.

This is document bcta in the Knowledge Base.
Last modified on 2024-04-09 09:56:14.