How to Configure an Email Encryption Certificate S/MIME in Outlook

In the new Outlook for Windows you must have

• A DigiCert S/MIME certificate or a comparable from a CA "Certificate Authority" 
• A Microsoft 365 license supporting S/MIME (e.g., E3, E5, or Business Premium).

Steps to Enable S/MIME Encryption with DigiCert in New Outlook

1. Obtain and Import the DigiCert Certificate

• Request the Certificate:
  • Log in to your DigiCert CertCentral account (digicert.com) or a comparable from a CA "Certificate Authority" 
  • Go to Certificates > Add Certificate > S/MIME Certificate.
  • Enter your email address, generate a CSR (using DigiCert Utility or another tool), and download the issued .p12/.pfx file after approval.
• Import to Windows Certificate Store:
  • Double-click the .p12/.pfx file.
  • Follow the Certificate Import Wizard, selecting Personal > Certificates, and enter the password provided by DigiCert or a comparable from a CA "Certificate Authority" 
  • Ensure the certificate is marked for all purposes and appears in certmgr.msc under Personal > Certificates.

2. Configure S/MIME in New Outlook

• Enable S/MIME Support:
  • Open the new Outlook (ensure the "New Outlook" toggle is on under Settings > General).
  • Click the Settings gear icon (bottom left) > View all Outlook settings > Mail > Security.
  • Under Encrypted email, toggle on Encrypt contents and attachments for outgoing messages.
  • For Digital signature, toggle it on if you want to sign emails (optional).
  • Note: The new Outlook relies on the Windows certificate store, so you don’t select the certificate here directly—ensure it’s imported as above.
• Install S/MIME Control (if needed for Web):
  • If using Outlook on the web, after enabling S/MIME in Exchange (step 3), install the S/MIME control extension when prompted in the browser.

3. Test Encryption in New Outlook

• Send a Test Email:
  • Compose a new email in the new Outlook.
  • Click the More actions (three dots) icon in the toolbar > Encrypt (or Sign if enabled).
  • Send to yourself or another user with the public key.
• Verify:
  • Open the received email. It should decrypt automatically with your private key, or prompt for the certificate password if set.

Additional Notes

• Certificate Detection: The new Outlook automatically detects certificates from the Windows store. If encryption options don’t appear, ensure the DigiCert certificate is correctly imported and matches your email address.
• Outlook on the Web: After enabling S/MIME in Exchange, the S/MIME control must be installed for web access. Look for a prompt or download it from the Microsoft 365 Message Encryption site.
• External Recipients: Share your public key (.cer) with recipients to enable them to decrypt your emails.
• Troubleshooting: If the Encrypt option is missing, verify the certificate in certmgr.msc and restart Outlook. Check Exchange S/MIME settings if issues persist.

Troubleshooting

• No Encrypt Option: Ensure the certificate is in the Personal store and S/MIME is enabled in Exchange. Update Outlook if needed.
• Decryption Failure: Confirm the private key is installed and matches the public key uploaded to Exchange.