Managing Certificates in Microsoft Outlook
Automatically Configure Your Microsoft Outlook Security Profile
To sign and encrypt/decrypt emails with Microsoft Outlook, a security profile must be created in Outlook for your email Exchange account. This profile identifies the signature and encryption certificates.
ActivClient can automatically create your security profile.
-
Microsoft Outlook is installed on your workstation.
-
Microsoft Outlook Usability Enhancements (sub-component of the Digital Certificates Services component) was installed during setup.
-
The ActivClient policy, Turn off setup email certificates in Microsoft Outlook on card insertion, is disabled (default setting).
-
Your smart card contains certificates for email signature and encryption.
Refer Outlook Usability Enhancement for more information.
-
Start Microsoft Outlook configured with a Microsoft Exchange account.
-
Insert your smart card (chip-side up and chip first) into the smart card reader.
-
If you do not have an existing Microsoft Outlook security profile, ActivClient automatically creates the profile.
-
If you already had an Outlook security profile, ActivClient automatically updates it with your smart card certificates.
-
ActivClient also makes sure that the most current certificates are used and that the email address in the certificate matches that of the Outlook account.
-
Automatically Publish Your Certificates to the Global Address List
To allow other users to send you encrypted email, they need access to your encryption digital certificate. A common method is to publish all users’ certificates in the Exchange Global Address List (GAL).
ActivClient can automatically publish your certificates in the Global Address List.
-
Microsoft Outlook is installed on your workstation.
-
Microsoft Outlook Usability Enhancements (sub-component of the Digital Certificates Services component) was installed during setup.
-
The ActivClient policy, Turn on automatic publication of certificates to the Global Address List, is enabled (it is disabled by default; your administrator might have enabled this feature).
-
The ActivClient policy, Turn off setup email certificates in Microsoft Outlook on card insertion, is disabled (it is disabled by default; your administrator might have enabled this feature).
-
Your smart card contains certificates for email signature and email encryption.
-
Start Microsoft Outlook configured with a Microsoft Exchange account.
-
Insert your smart card (chip-side up and chip first) into the smart card reader.
-
Enter your PIN when prompted.
ActivClient automatically publishes your smart card-based certificates to the Global Address List.
-
Alternatively, you can publish your certificates to the GAL from the ActivClient User Console – From the User Console, select Tools, Advanced and then Publish to GAL.
-
Your Outlook security profile is created or updated.
-
Your certificates are published to the Global Address List.
-
Automatically Add Certificates to Microsoft Outlook Contacts
To send an encrypted email to one of your contacts, you need access to their digital encryption certificate. A common method is to add your contact’s information (including encryption certificates) to your Outlook Contacts. ActivClient can automatically add the information.
-
Microsoft Outlook is installed on your workstation.
-
Microsoft Outlook Usability Enhancements (sub-component of the Digital Certificates Services component) was installed during setup.
-
The ActivClient policy, Turn off automatic addition of sender's certificates to Microsoft Outlook contacts, is disabled (default setting).
Refer Outlook Usability Enhancement for more information.
-
Open a signed email that you received from your contact. It contains your contact’s encryption certificate.
ActivClient will ask you to either confirm the creation of the Outlook Contact entry or update an existing entry.
-
To proceed, accept the creation/update.
Your contact’s information and encryption certificate is saved in your Outlook Contacts.