Solved

S\MIME Encryption on Outlook

Posted on 2016-08-14
12
90 Views
Last Modified: 2016-09-24
hello,

We have enabled S\MIME encryption on outlook for some users but we are facing issue once we send signed message or encrypted that it is received as attachment. can we solve this ?

Regards,
0
Comment
Question by:fadyaz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
12 Comments
 
LVL 14

Expert Comment

by:Alexei Kuznetsov (Outlook MVP)
ID: 41755584
What email clients are on the recipient side?
0
 
LVL 2

Author Comment

by:fadyaz
ID: 41755587
Outllok on windows

It is happened with all clients recipients on windows or phone.
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 41758733
have you exchanged public keys? The recipient must have your public key
0
Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

 
LVL 64

Assisted Solution

by:btan
btan earned 250 total points (awarded by participants)
ID: 41763995
On mobile check
Enable S/MIME on the device

From the Windows Phone device perform the following steps:

Open the company email account.

Tap the … to open the menu window.

Tap settings.

Tap sync settings.

To sign messages with S/MIME, slide the Sign with S/MIME bar to the On position.

To encrypt messages with S/MIME, slide the Encrypt with S/MIME bar to the On position.

Tap the Check mark to save the sync settings.
https://msdn.microsoft.com/en-us/library/dn643699.aspx

Also check the EAS setting

Exchange ActiveSync mailbox policies let you apply a common set of policy or security settings to a user or group of users.

Enable S/MIME for Exchange ActiveSync following these steps:

Open the Exchange Management Shell
Run the command Get-Mobile

Verify that the policy settings in the following table are configured:
....
see any specific exchange errors and see if the user can to themselves to test as well.
0
 
LVL 40

Assisted Solution

by:noci
noci earned 125 total points (awarded by participants)
ID: 41764211
Before you can encrypt you need to exchange public keys. And all devices you want to transmit from needs the private key for the mail address.

Be careful with hosted services, the SMTP sending device needs the keys, with hosted services the device is owned by the hoster (so it conectent is accessible to the hoster) , that hoster can disguise as you indistinguishable from you. So there is never security there, for some things like confidentiality the cloud, as such, is not a solution.
IMHO Windows 10 devices count as hosted devices as Microsoft reserved the right to upload anything from your device, that might include the private keys needed for encryption.
0
 
LVL 64

Assisted Solution

by:btan
btan earned 250 total points (awarded by participants)
ID: 41764250
Do ensure the below certificate are installed e.g.
- Trusted root CA certificate (Computer certificate store - Root)
- User certificate (Include email address in subject name, Email address, User principal name (UPN)) stated in the cert and for your account cert store in the Certificates – Current User)

As a whole you need to setup the digital ID, based on how you get the certificate, you can provision SMIME as per the link

http://searchexchange.techtarget.com/tutorial/Using-S-MIME-in-Microsoft-Outlook
0
 
LVL 82

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 125 total points (awarded by participants)
ID: 41764483
The easiest way to exchange keys is for each user in the conversation to send a signed message and each recipient double clicks the certificate and installs it.
0
 
LVL 2

Author Comment

by:fadyaz
ID: 41782461
is this working on mac also?
0
 
LVL 40

Assisted Solution

by:noci
noci earned 125 total points (awarded by participants)
ID: 41784379
If S/MIME is supported by your mail package Yes.
After the association of the email address with a public key (using a signed message)
Encryption can be used.  Note that your private key should always be with you, and never be uploaded to some web-based service unless you control (have physical owner ship & posession) of the system the service is placed on.
0
 
LVL 64

Accepted Solution

by:
btan earned 250 total points (awarded by participants)
ID: 41784510
Mac outlook client support SMIME as long as you import the certificate (PFX for containing private key) into the Mac Keyring.

https://technet.microsoft.com/en-us/library/jj984223(v=office.16).aspx
0
 
LVL 64

Expert Comment

by:btan
ID: 41813551
As shared and advised in the post.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
A look at what happened in the Verizon cloud breach.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question