Purpose: Secure Email (S/MIME) certificate installation guide
For Secure Email (S/MIME) certificate on Outlook on Mac OS X
The installation is in three parts:
1) Importing S/MIME certificate to Keychain Access
2) Linking S/MIME certificate to your Outlook profile
3) Storing a contact's Secure Email certificate (S/MIME exchange)
Part 1 of 3: Importing S/MIME certificate to Keychain Access1. Click on the link in your certificate pickup email. Note the below image shows a pick-up email for a personal S/MIME, however this process is the same regardless if you've obtained a personal S/MIME from our retail site, or if you've obtained an Enterprise S/MIME issued to you from an ECS Enterprise account.
2. A browser window will open. Enter the password you used when you placed order or created certificate using ECS Enterprise account.
3. Import the .p12 file by saving it. Open the file. You will be asked to provide a password to open the file. Provide the same password provided in step 2.
4. The Keychain Access app should open automatically after providing the password. If not, you can find it in your apps by searching for "keychain".
5. In Keychain Access, on the left-hand menu under Category go to Certificates. There, you will see the imported certificate with the identity related to the email address for which it was made. Click on the certificate. Note there is an error "This certificate was signed by an unknown authority". You will need to download the Entrust CA intermediate certificate.
6. You can do so by selecting command+clicking on the certificate, and then selecting Get Info.
7. Now, under details, scroll down to Method #2 and select the URL. This will download the Entrust intermediate CA certificate.
8. Open the downloaded .cer file.
9. You will be asked if you want to add the certificate to a login keychain. Confirm you do by selecting Add.
10. The Entrust intermediate CA certificate and 2048 Root certificate will now appear in Keychain Access > Certificates.
11. As a result of importing the Entrust intermediate CA certificate and Root 2048 certificate and chaining them to your S/MIME certificate, your S/MIME certificate should now be valid.
The secure email certificate has been successfully imported to Keychain Access.
Part 2 of 3: Linking S/MIME certificate to your Outlook profile
1. If Outlook was open while you imported your certificate, close and reopen it.
2. In Outlook, go to Tools > Accounts.
3. Go to Advanced and select the Security tab. There, you can find the certificate you imported in Part 1. Select that certificate.
4. Select Signed outgoing messages and and make sure all three options shown are selected.
5. Select your Encryption certificate. Leave Encrypt outgoing messages unchecked for now.
6. Select okay and exit the Accounts menu.
7. Compose a new message. On the message dialogue, you will digital signing is enabled.
You have successfully linked the S/MIME certificate to your Outlook profile.
Part 3 of 3: Storing a contact's Secure Email certificate (S/MIME exchange)
You must exchange public keys with a user in order to exchange Encrypted email. To do so send the user a digitally signed email and have them respond to you with a digitally signed email.
1. When you send a digitally signed email to someone for the first time, you will be prompted with the below. Select Allow so that your public key can be sent to the user with whom you are in the process of completing the S/MIME exchange.
2. When the user sends you back a digitally signed email, open their message. A bar beneath the main email header indicates the email has been digitally signed.
On the far right of that header is a Details tab. Drop it down and select Add Encryption Certificate to Contacts.
You can now exchange encrypted email with that user. You can confirm the user's public key has been stored by checking Keychain Access and seeing the user's public key listed there.
It is not recommended you turn on encryption for all messages unless you are sure you will only be sending messages to email addresses that are in your Secure Email exchange environment (such as you just set up above). You can choose to encrypt individual messages by going to the Options tab of on a message window and under the Security button selecting Encrypt Message.
If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance:
Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
|Australia||0011 - 800-3687-7863|
|Austria||00 - 800-3687-7863|
|Belgium||00 - 800-3687-7863|
|Denmark||00 - 800-3687-7863|
|Finland||990 - 800-3687-7863 (Telecom Finland)|
00 - 800-3687-7863 (Finnet)
|France||00 - 800-3687-7863|
|Germany||00 - 800-3687-7863|
|Hong Kong||001 - 800-3687-7863 (Voice)|
002 - 800-3687-7863 (Fax)
|Ireland||00 - 800-3687-7863|
|Israel||014 - 800-3687-7863|
|Italy||00 - 800-3687-7863|
|Japan||001 - 800-3687-7863 (KDD)|
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
|Korea||001 - 800-3687-7863 (Korea Telecom)|
002 - 800-3687-7863 (Dacom)
|Malaysia||00 - 800-3687-7863|
|Netherlands||00 - 800-3687-7863|
|New Zealand||00 - 800-3687-7863|
|Norway||00 - 800-3687-7863|
|Singapore||001 - 800-3687-7863|
|Spain||00 - 800-3687-7863|
|Sweden||00 - 800-3687-7863 (Telia)|
00 - 800-3687-7863 (Tele2)
|Switzerland||00 - 800-3687-7863|
|Taiwan||00 - 800-3687-7863|
|United Kingdom||00 - 800-3687-7863|
0800 121 6078
+44 (0) 118 953 3088