
How to Configure S/MIME in Office 365 - Explained

S/MIME stands for Secure/Multipurpose Internet Mail Extensions. It is a standard for digitally signing MIME data and for public key encryption. It is mainly based on the PKCS standards, comes from RSA Security, and uses the MIME format for message structuring, hence the name S/MIME. It is an advanced form of MIME. S/MIME provides security services such as authentication, privacy, data security, and message integrity. It ensures that emails are digitally signed and that their content is unaltered. Besides encryption, S/MIME also lets users compose, encrypt, and digitally sign messages exchanged between two organizations.

Configuring S/MIME with Office 365 helps users secure their email and supports Outlook, Exchange Server, OWA, etc. S/MIME provides many services for email encryption, such as signed receipts, security labels, secure mailing lists, and signing certificates.

Let us look at the procedure for enabling S/MIME in Exchange Online in Office 365.

Configuring S/MIME in Office 365 requires an .SST file and the end user's certificate.

  • .SST file: A file that contains certificates. It is used for S/MIME validation in Office 365 and also for validating website identities. The SST is obtained from the Certificate Authority.
  • End User’s Certificate: Obtained from the Certificate Authority and used for encrypting messages as well as for signing.

Outline of the Process:

The configuration follows these steps.

Step 1: Create the .SST file. You can export the .SST file with the Certificates MMC snap-in.

  • Open certmgr.msc and browse to the Trusted Root Certification Authorities folder.
  • Select the ‘Certificates’ folder within it.
  • Choose the CA certificate used for S/MIME.
  • Export the certificate by right-clicking it and selecting All Tasks > Export.

Step 2: In the Certificate Export Wizard, choose Microsoft Serialized Certificate Store. Press the ‘Next’ button and then ‘Save’ to save the SST file.

Step 3: Upload the .SST file to the Office 365 server.
Use the following remote PowerShell commands to update the configuration:

$sst = Get-Content <sst file copied>.sst -Encoding Byte
Set-SmimeConfig -SMIMECertificateIssuingCA $sst
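
Steps 1 to 3 can also be scripted so that the .SST is checked before it reaches the tenant. The following is an added example, not the article's own code; the thumbprint and output path are placeholders, and the upload runs only inside an Exchange Online PowerShell session.

```powershell
# Added example. Placeholder values: replace them before running.
$CaThumbprints = @('<THUMBPRINT-OF-YOUR-SMIME-ISSUING-CA>')   # placeholder
$SstPath       = Join-Path $env:TEMP 'smime-ca.sst'           # assumed output path

# Select only the intended CA certificates from the stores certmgr.msc shows
# (Trusted Root and Intermediate Certification Authorities, current user).
$cas = Get-ChildItem Cert:\CurrentUser\Root, Cert:\CurrentUser\CA |
    Where-Object { $CaThumbprints -contains $_.Thumbprint } |
    Sort-Object Thumbprint -Unique
if (-not $cas) { throw 'No certificate in the store matches the listed thumbprints.' }

# Same output as the wizard's "Microsoft Serialized Certificate Store" option.
$cas | Export-Certificate -Type SST -FilePath $SstPath | Out-Null

# Re-read the file and list exactly what will be trusted for S/MIME validation.
$sst = [System.Security.Cryptography.X509Certificates.X509Certificate2Collection]::new()
$sst.Import($SstPath)
$report = foreach ($c in $sst) {
    $bc = $c.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
    [pscustomobject]@{
        Subject    = $c.Subject
        Thumbprint = $c.Thumbprint
        NotAfter   = $c.NotAfter
        IsCA       = [bool]($bc -and $bc.CertificateAuthority)
        Expired    = $c.NotAfter -lt (Get-Date)
        Expected   = $CaThumbprints -contains $c.Thumbprint
    }
}
$report | Format-Table -AutoSize

# Stop if the file holds anything unexpected, expired, or not marked as a CA.
# Old v1 roots carry no basicConstraints extension and are flagged for manual review.
$bad = @($report | Where-Object { -not $_.Expected -or $_.Expired -or -not $_.IsCA })
if ($bad.Count) { throw "SST contains $($bad.Count) certificate(s) that need review." }

# Upload only when the Exchange Online cmdlets are loaded in this session.
if (Get-Command Set-SmimeConfig -ErrorAction SilentlyContinue) {
    Set-SmimeConfig -SMIMECertificateIssuingCA ([System.IO.File]::ReadAllBytes($SstPath))
    Get-SmimeConfig | Format-List SMIMECertificateIssuingCA
}
```

Exporting by thumbprint rather than exporting the whole Trusted Root store keeps the set of CAs trusted for S/MIME validation limited to the ones you intend.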


Step 4: Publish the certificate
Publish the user’s certificate to the Exchange Online Global Address List (GAL) through Outlook 2013. Otherwise, the user cannot exchange encrypted messages.

To publish:
  • Select ‘Options’ from the ‘File’ menu in Outlook 2013.
  • In ‘Options’, choose Trust Center > Trust Center Settings > Email Security.
  • In the Trust Center window, select Settings and choose the certificate.
  • Type a Security Settings name and select the Signing and Encryption Certificates in the Change Security Settings window.
  • Choose the default algorithm and press ‘Ok’.
  • Click the ‘Publish to GAL’ button.
  • Press ‘Ok’.

Step 5: Confirm that the certificate is published in AAD.
  • Open Exchange Online using PowerShell.
  • Run the commands and make sure the UserSMimeCertificate attribute is populated. If not, go back to Step 4.

Step 6: If the output shows that the user has a certificate and that it is published in AAD, the user can use Outlook and receive S/MIME encrypted messages.
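
One way to carry out the check in Step 5, as an added example that is not part of the original article. The helper name ConvertTo-CertSummary and the mailbox identity are hypothetical, the stored values are assumed to be DER X.509 or PKCS #7, and the sample certificate is constructed in memory so the decoding part runs offline.

```powershell
# Added example. Decodes the raw bytes that Get-Mailbox returns for a user.
function ConvertTo-CertSummary {
    param([Parameter(Mandatory)][byte[]]$Blob)
    # Import() accepts one DER certificate or a PKCS #7 bundle (assumed formats).
    $col = [System.Security.Cryptography.X509Certificates.X509Certificate2Collection]::new()
    $col.Import($Blob)
    foreach ($c in $col) {
        [pscustomobject]@{
            Subject    = $c.Subject
            Issuer     = $c.Issuer
            Thumbprint = $c.Thumbprint
            NotAfter   = $c.NotAfter
            Expired    = $c.NotAfter -lt (Get-Date)
        }
    }
}

# Constructed sample: a throwaway self-signed certificate stands in for a published one.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new('CN=sample.user',
    $rsa, [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$der = $req.CreateSelfSigned([DateTimeOffset]::Now, [DateTimeOffset]::Now.AddDays(30)).RawData

# A DER blob of this size always starts 48 130 (0x30 0x82), so the raw byte
# listing cannot tell two certificates apart; compare decoded thumbprints instead.
'First bytes: {0} {1}' -f $der[0], $der[1]
ConvertTo-CertSummary -Blob $der | Format-List

# Against a real mailbox; runs only when the Exchange Online cmdlets are loaded.
if (Get-Command Get-Mailbox -ErrorAction SilentlyContinue) {
    $mbx = Get-Mailbox -Identity '<user@yourdomain>'   # placeholder identity
    foreach ($attr in 'UserCertificate', 'UserSMimeCertificate') {
        $values = @($mbx.$attr | Where-Object { $null -ne $_ })
        if ($values.Count -eq 0) { Write-Warning "$attr is empty: repeat Step 4."; continue }
        # Assumption: a single value may arrive flattened into plain bytes.
        if ($values[0] -is [byte]) { $values = ,([byte[]]$values) }
        foreach ($blob in $values) { ConvertTo-CertSummary -Blob ([byte[]]$blob) }
    }
}
```

Compare the reported thumbprint and expiry date with the certificate selected in Outlook's Trust Center to confirm that the intended certificate is the one published.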

Verdict: Office 365 is deployed by Microsoft to provide users with services outside the network. It supports many applications, all in their latest versions. Enabling S/MIME with Office 365 adds security to the mail of Outlook and Exchange Server in Office 365. Many other applications, such as Lotus Notes and Netscape, have already implemented S/MIME support. S/MIME provides a standard for email encryption.
Author: Joe Prior
1 Comment

Expert Comment

by:Chris Glasier
I can easily do this with the Outlook client; however, it's a bit more difficult with Office 365 OWA. After following this article I keep seeing the same cert (not the one I am using with my Outlook client). I do a Get-Mailbox <username> | FT *user* and I keep getting the same cert starting with 48 130 dot dot dot... The only difference is I'm not using AAD. Isn't there a way through PowerShell to allow the user to change default certs?

Thanks,
Chris