How users manage digital certificates in Outlook 2016 for Mac

 

Applies to: Outlook 2016 for Mac

Topic Last Modified: 2016-12-20


To use encryption and digital signature features, the user must have a digital certificate: the combination of a user's certificate and a public and private encryption key set. Digital certificates, also known as digital IDs, help to keep users' e-mail messages secure by letting them exchange cryptographic messages. Managing digital certificates includes:

  • Obtaining digital certificates

  • Installing root certificates to verify certificates that are issued by a non-standard certification authority (CA)

  • Importing, exporting, or deleting a certificate from the user's computer

  • Sending a digitally signed message

  • Sending an encrypted message

For information about digital certificate requirements, see Digital certificate requirements for sending and receiving messages.

You can issue a self-signed certificate or you can purchase digital certificates from a CA.

Outlook for Mac uses root certificates, also called anchor certificates, to verify the authenticity of all certificates that derive from them in a chain of trust. Mac OS X comes with a default set of root certificates that are trusted, but users might have to install additional root certificates on their computers in order to verify certificates that are issued by non-standard CAs.

To install a root certificate on the computer, the person installing it must have access to an administrator account. Outlook for Mac looks for root certificates in the X509 Anchors keychain (not visible by default) and the system or login keychains on Mac OS X v10.10 (Yosemite).

Caution:
Outlook for Mac does not recognize any trust level settings defined for a certificate. The improved trust settings in Mac OS X v10.10 (Yosemite) allow you to configure different levels of trust; for example, you can set a certificate to Always Trust or Never Trust. However, Outlook for Mac ignores these settings.
Install a root certificate in Mac OS X v10.10
  1. Double-click the .cer file to open the Keychain Access application.

  2. In the Add Certificates dialog box, on the pop-up menu, click login, and then click OK.

    If you are asked to provide a name and password, use the administrator credentials.

  3. Double-click the certificate to verify its details.

  4. Quit and then reopen Outlook for Mac.

Import a certificate
  1. At the bottom of the Outlook for Mac folder pane, click People.

  2. Open the contact that you want, and then click the Certificates tab.

  3. Click the Add button, locate the certificate, and then click Open.

    Note:
    To set the default certificate for a contact, select the certificate, click the Edit button, and then click Set as Default.
Note:
You cannot export a certificate with Outlook 2016 for Mac.
Delete a certificate
  1. At the bottom of the Outlook for Mac folder pane, click People.

  2. Open the contact that you want, and then click the Certificates tab.

  3. Select the certificate, and then click the Delete button.

Important:
Before you start this procedure, you must add a digital certificate to your Mac OS X keychain.
To send a digitally signed message
  1. On the Tools menu, click Accounts.

  2. Click the account that you want to send a digitally signed message from, click Advanced, and then click the Security tab.

  3. Under Digital signing, on the Certificate pop-up menu, click the certificate that you want to use.

    Note:
    The Certificate pop-up menu only displays certificates that are valid for digital signing or encryption that you have already added to the keychain for your Mac OS X user account.
  4. Do any of the following:

    To: Make sure that your digitally signed messages can be opened by all recipients, even if they do not have an S/MIME mail application and can't verify the certificate
    Do this: Select the Send digitally signed messages as clear text check box.

    To: Allow your recipients to send encrypted messages to you
    Do this: Make sure that you have selected your signing and encryption certificates on this screen, and then select the Include my certificates in signed messages check box.

  5. Click OK, and then close the Accounts dialog box.

  6. In an e-mail message, on the Options tab, click Security, and then click Digitally Sign Message.

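The "Send digitally signed messages as clear text" option in step 4 corresponds to the two signed-message layouts of standard S/MIME (RFC 8551): multipart/signed, whose first part is an ordinary readable MIME body, and application/pkcs7-mime, where the text is wrapped inside the CMS object. The following is an added example, not part of the original topic or of Outlook; the sample messages are constructed and their base64 bodies are placeholders. It classifies a message and returns the text a client without S/MIME support could still display.

```python
from email import message_from_string

# Constructed samples; the base64 bodies are placeholders, not real CMS data.
CLEAR_SIGNED = """\
From: alice@example.com
To: bob@example.com
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature";
 micalg=sha-256; boundary="b1"

--b1
Content-Type: text/plain; charset=us-ascii

Budget review moved to Friday.
--b1
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
--b1--
"""
OPAQUE_SIGNED = """\
From: alice@example.com
To: bob@example.com
MIME-Version: 1.0
Content-Type: application/pkcs7-mime; smime-type=signed-data; name="smime.p7m"
Content-Transfer-Encoding: base64

UExBQ0VIT0xERVI=
"""
ENCRYPTED = OPAQUE_SIGNED.replace("signed-data", "enveloped-data")


def classify_smime(raw):
    """Return (kind, text); text is what a client without S/MIME can display."""
    msg = message_from_string(raw)
    ctype = msg.get_content_type()
    protocol = str(msg.get_param("protocol") or "").lower()
    if ctype == "multipart/signed" and msg.is_multipart() and "pkcs7-signature" in protocol:
        # Part 1 is the ordinary MIME body, part 2 the detached signature.
        body = msg.get_payload()[0]
        text = body.get_payload().strip() if body.get_content_maintype() == "text" else None
        return "clear-signed", text
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        # The whole message is one CMS object; the text is inside the base64 blob.
        kinds = {"signed-data": "opaque-signed", "enveloped-data": "encrypted"}
        smime_type = str(msg.get_param("smime-type") or "").lower()
        return kinds.get(smime_type, "pkcs7-mime (type not declared)"), None
    return "not S/MIME", None
```

A clear-signed message stays readable without verification, so a recipient whose client shows the text but cannot check the signature has no assurance of who sent it or that it is unaltered.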

Important:
Before you start this procedure, you must have a digital certificate. You must also have a copy of each recipient's certificate saved with the contacts' entries in Outlook. For information about how to add your contacts' certificates to Outlook, see the "Importing, exporting, or deleting a certificate from the user's computer" section above. Or, if your recipient is listed on an LDAP directory service, the recipient's certificate is published to the directory service and is available with other contact information.
To send an encrypted message
  1. On the Tools menu, click Accounts.

  2. Click the account that you want to send an encrypted message from, click Advanced, and then click the Security tab.

  3. Under Encryption, on the Certificate pop-up menu, click the certificate that you want to use.

    Note:
    The Certificate pop-up menu only displays certificates that are valid for digital signing or encryption that you have already added to the keychain for your Mac OS X user account.
  4. Click OK, and then close the Accounts dialog box.

  5. In an e-mail message, on the Options tab, click Security, and then click Encrypt Message.

    Note:
    When you send an encrypted message, your recipient's certificate is used to encrypt his or her copy of the message. Your certificate is used to encrypt the copy that is saved to your Sent Items or Drafts folder in Outlook.
 