How users manage digital certificates in Outlook for Mac 2011
To use encryption and digital signature features, the user must have a digital certificate: the combination of a user's certificate and public and private encryption key set. A digital certificate is a file issued and verified by a third-party certificate authority that is used in the process of digitally signing or encrypting messages; it is sometimes called a "digital ID". Digital certificates help to keep users' e-mail messages secure by letting them exchange cryptographic messages. Managing digital certificates includes:
- Obtaining digital certificates
- Installing root certificates to verify certificates that are issued by a non-standard certification authority (CA), an entity that issues digital certificates (digital IDs)
- Importing, exporting, or deleting a certificate from the user's computer
- Sending a digitally signed message
- Sending an encrypted message
For information about digital certificate requirements, see Digital certificate requirements for sending and receiving messages.
Obtaining digital certificates
You can issue a self-signed certificate (an identity certificate that is signed by its own creator) or you can purchase digital certificates from a CA. To get a digital certificate from a trusted Microsoft partner, go to the Office Marketplace digital ID page on the Microsoft Web site (office.microsoft.com).
Installing root certificates to verify certificates that are issued by non-standard CAs
Outlook for Mac uses root certificates, also called anchor certificates, to verify the authenticity of all certificates that derive from them in a chain of trust. Mac OS X comes with a default set of root certificates that are trusted, but users might have to install additional root certificates on their computers in order to verify certificates that are issued by non-standard CAs.
To install a root certificate on the computer, the person installing it must have access to an administrator account. Outlook for Mac looks for root certificates in the X509 Anchors keychain (not visible by default) and the system or login keychains on Mac OS X v10.6 (Snow Leopard).
Outlook for Mac does not recognize any trust level settings defined for a certificate. The improved trust settings in Mac OS X v10.6 (Snow Leopard) allow you to configure different levels of trust; for example, you can set a certificate to Always Trust or Never Trust. However, Outlook for Mac will ignore these settings.
Install a root certificate in Mac OS X v10.6
- Double-click the .cer file to open the Keychain Access application.
- In the Add Certificates dialog box, on the pop-up menu, click login, and then click OK.
  If you are asked to provide a name and password, use the administrator credentials.
- Double-click the certificate to verify its details.
- Quit and then reopen Outlook for Mac.
Importing, exporting, or deleting a certificate from the user's computer
Import a certificate
- At the bottom of the Outlook for Mac navigation pane, click Contacts.
- Open the contact that you want, and then click the Certificates tab.
- Click [icon], locate the certificate, and then click Open.

Note: To set the default certificate for a contact, select the certificate, click
Export a certificate
Certificates can be exported in three formats: DER encoded X.509, PEM (Base-64 encoded X.509), and PKCS #7. The DER encoded X.509 format is the most common, but you might want to ask what format your recipient requires.
- At the bottom of the Outlook for Mac navigation pane, click Contacts.
- Open the contact that you want, and then click the Certificates tab.
- Select the certificate, click [icon], and then click Export.
  To set the format of the certificate, make a selection on the Format menu.
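
The three export formats differ in packaging rather than in the certificate itself, which this added example (not part of the original page or any Microsoft code) shows using only Python's standard library: it identifies which format a file uses and computes a SHA-256 fingerprint that can be compared with the value the certificate's owner reports. The function names and the sample bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import re
import ssl

# PEM is base64-encoded DER between BEGIN/END lines; the label names the payload.
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
# DER encoding of OID 1.2.840.113549.1.7.2 (PKCS #7 signedData).
OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")


def read_header(buf, pos):
    """Return (tag, content_start, content_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:                      # long form: low 7 bits = size of length
        size = length & 0x7F
        if size == 0 or size > 4 or pos + size > len(buf):
            raise ValueError("invalid DER length")
        length = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length


def classify(data):
    """Return (format name, DER bytes). Structural check only, no validation."""
    match = PEM_RE.search(data)
    encoding = "PEM" if match else "DER"
    der = base64.b64decode(match.group(2)) if match else data
    tag, start, _ = read_header(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    if der.startswith(OID_SIGNED_DATA, start):
        return encoding + " PKCS #7", der   # ContentInfo begins with an OID
    if read_header(der, start)[0] == 0x30:
        return encoding + " X.509", der     # Certificate begins with tbsCertificate
    raise ValueError("neither X.509 nor PKCS #7")


def fingerprint(der):
    """SHA-256 over the DER bytes, so DER and PEM copies give the same value."""
    return hashlib.sha256(der).hexdigest()


# Constructed DER skeletons (not real certificates), enough to show the structure.
SAMPLE_CERT = bytes.fromhex("30053003020101")
SAMPLE_P7 = bytes.fromhex("300f06092a864886f70d010702a0023000")
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_CERT).encode("ascii")
```

To check a real export, pass the file's bytes to `classify` and compare `fingerprint` of the returned DER with the fingerprint obtained from the certificate's owner through a separate channel.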
Delete a certificate
- At the bottom of the Outlook for Mac navigation pane, click Contacts.
- Open the contact that you want, and then click the Certificates tab.
- Select the certificate, and then click [icon].
Send a digitally signed message
Before you start this procedure, you must add a digital certificate to your Mac OS X keychain.
- On the Tools menu, click Accounts.
- Click the account that you want to send a digitally signed message from, click Advanced, and then click the Security tab.
- Under Digital signing, on the Certificate pop-up menu, click the certificate that you want to use.

  Note: The Certificate pop-up menu only displays certificates that are valid for digital signing or encryption that you have already added to the keychain for your Mac OS X user account.
- Do any of the following:

  | To | Do this |
  | --- | --- |
  | Make sure that your digitally signed messages can be opened by all recipients, even if they do not have an S/MIME mail application and can't verify the certificate | Select the Send digitally signed messages as clear text check box. |
  | Allow your recipients to send encrypted messages to you | Make sure that you have selected your signing and encryption certificates on this screen, and then select the Include my certificates in signed messages check box. |

  S/MIME is a security standard built into many e-mail applications, including Outlook, that enables you to use digital signing and encryption. To use digital signing and encryption, both the sender and recipient must have a mail application that supports the S/MIME standard.
- Click OK, and then close the Accounts dialog box.
- In an e-mail message, on the Options tab, click Security, and then click Digitally Sign Message.
Send an encrypted message
Before you start this procedure, you must have a digital certificate. You must also have a copy of each recipient's certificate saved with the contacts' entries in Outlook. For information about how to add your contacts' certificates to Outlook, see the "Importing, exporting, or deleting a certificate from the user's computer" section above. Or, if your recipient is listed in an LDAP directory service, the recipient's certificate is published to the directory service and is available with other contact information.
- On the Tools menu, click Accounts.
- Click the account that you want to send an encrypted message from, click Advanced, and then click the Security tab.
- Under Encryption, on the Certificate pop-up menu, click the certificate that you want to use.

  Note: The Certificate pop-up menu only displays certificates that are valid for digital signing or encryption that you have already added to the keychain for your Mac OS X user account.
- Click OK, and then close the Accounts dialog box.
- In an e-mail message, on the Options tab, click Security, and then click Encrypt Message.

Note: When you send an encrypted message, your recipient's certificate is used to encrypt his or her copy of the message. Your certificate is used to encrypt the copy that is saved to your Sent Items or Drafts folder in Outlook.






