Turning on S/MIME (Digital Signature/Encryption) in Outlook 2007

Digital Signature and Encryption can use Smart Card based Certificates in Outlook. 

In Office 2007, select “Tools” → “Trust Center” → “Email Security”.

See the attached image for configuration.


If your email address has changed from user@exchange.example.com to user@example.com, so that the address on your certificate differs from your Exchange information, you will not be able to encrypt because Outlook does not allow it.


To configure the same in Outlook 2003 on XP:

1.    Select the ‘Tools’ button at the top and then select ‘Options’.

2.    Next, select the ‘Security’ tab.

3.    Under ‘Secure-email’, select the ‘Settings…’ button. This will bring up the ‘Change Security Settings’ window.

4.    Make sure a name is listed under ‘Security Settings Name:’. If there isn’t one, enter something that will be easy for you to remember, such as: My S/MIME Settings (smysore@example.com). In either case, make sure that both ‘Default Security Setting for this Secure Message Format’ and ‘Default Security Setting for all secure messages’ are selected, and that the Secure Message Format is S/MIME.

5.    Leave the ‘Secure Message format’ as S/MIME.

6.    Now, under ‘Certificates and Algorithms’, select the ‘Choose…’ button located across from the ‘Signing Certificate:’ header. This will bring up a ‘Select Certificate’ window listing the signing certificates installed on your machine. Select a certificate and then click the ‘OK’ button.

7.    Next, do the same for the ‘Encryption Certificate:’ section. The certificates listed in the ‘Select Certificate’ window of this section will be certificates that are installed on your machine and good for encrypting.

8.    For the ‘Hash algorithm’ and ‘Encryption Algorithm’ sections listed at the bottom of this window, leave the defaults as they are. The ‘Encryption Algorithms’ are the encryption preferences/strengths that you want to use. They are sent to the recipient of any signed mail you send when Outlook XP is configured for encrypting, and let the recipient know what encryption strength you prefer. Typical algorithms used are RC2 (40-bit), DES, RC2 (64-bit), RC2 (128-bit), and 3DES, listed in order of strength with 3DES being the strongest.

9.    Make sure the ‘Send these certificates with signed messages’ check box is selected. This sends your encrypting certificate along with your signing certificate every time you send a signed email to somebody. This will be explained later.

10.  Now, select ‘OK’ to apply your changes in the ‘Change Security Settings’ window.
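
To see which certificates steps 6 and 7 will offer, and whether the address mismatch described earlier applies to them, you can inspect the certificate store directly. The PowerShell below is an added example, not part of the original post: the `$Mailbox` default is a placeholder, and the usability rules (Secure Email EKU, key usage bits) are the usual S/MIME conventions, assumed here rather than taken from Outlook's own logic.

```powershell
# Added example: audit the current user's certificates for S/MIME use.
param([string]$Mailbox = 'user@example.com')   # placeholder; use your SMTP address

$NameType = [System.Security.Cryptography.X509Certificates.X509NameType]
$KuFlags  = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
$SecureEmailOid = '1.3.6.1.5.5.7.3.4'          # Secure Email enhanced key usage

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_
    # First e-mail name in the certificate (subjectAltName or subject E= field).
    $email = $cert.GetNameInfo($NameType::EmailName, $false)

    $ku  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.15' }  # keyUsage
    $eku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }  # extKeyUsage

    # A missing extension places no restriction on how the key may be used.
    $emailEku = (-not $eku) -or
        (@($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $SecureEmailOid)
    $signBits = [int]$KuFlags::DigitalSignature -bor [int]$KuFlags::NonRepudiation
    $encBits  = [int]$KuFlags::KeyEncipherment  -bor [int]$KuFlags::KeyAgreement
    $canSign    = (-not $ku) -or (([int]$ku.KeyUsages -band $signBits) -ne 0)
    $canEncrypt = (-not $ku) -or (([int]$ku.KeyUsages -band $encBits)  -ne 0)

    # Signing and decrypting both need the private key (on disk or on the smart card).
    $usable = $cert.HasPrivateKey -and $emailEku -and ((Get-Date) -lt $cert.NotAfter)

    New-Object psobject -Property @{
        Thumbprint   = $cert.Thumbprint
        CertEmail    = $email
        MatchesBox   = ($email -eq $Mailbox)   # -eq is case-insensitive for strings
        ForSigning   = ($usable -and $canSign)
        ForEncrypt   = ($usable -and $canEncrypt)
        Expires      = $cert.NotAfter
    }
} | Select-Object CertEmail, MatchesBox, ForSigning, ForEncrypt, Expires, Thumbprint |
    Format-Table -AutoSize
```

A row with `MatchesBox` set to `False` is the situation described above, where the certificate carries a different address from the mailbox. Only the first e-mail name in each certificate is compared.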


Comments (4)

  1. SpatDSG says:

    When you set up Outlook 2007 to Add Digital Signatures to outgoing messages… you are prompted for access to the private keys each time you wish to send mail.

  2. Gary Delgado says:

    You stated "You will not be able to encrypt because Outlook does not allow it" in the article, however, isn’t it possible to do a SupressNameChecks in the registry to allow you to do encryption?

  3. PRABHAT says:


  4. Mariome says:

    Good information! What if you have several Digital Signatures listed and try to allow the current user to sign email, but the profile selected does not stay selected, and you have to choose a digital signature every time?