Versions Compared

Old Version 4

changes.mady.by.user Anson Huang

Saved on

compared with

New Version Current

changes.mady.by.user Rohan Raghavan

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The IST Security Operations Center has a self-serve webpage where you can request an S/MIME Personal Sign certificate to allow for digital signing and email encryption.

...

To request a GlobalSign S/MIME certificate, please refer to the article How to request and download a GlobalSign S/MIME certificate. It may take several business days for the certificate to be issued.

  1. PersonalSign Installation - Step 1: Download Your Certificate

    1. You will receive an email from “no_reply@globalsign.com” with a link to download your certificate.

    2. You will need to enter the password you set during the application request to download the digital certificate. If you have lost or forgotten the password a request for a new S/MIME certificate needs to be submitted.

    3. Save the certificate to a secure location (i.e. OneDrive or N-drive) that you can access again if needed. You normally only install the certificate once per device, but you will need to use it again if you purchase a new computer or if a repair of your machine requires a fresh install of the OS and software.

  2. Mac OSX: removing a certificate. Complete these steps ONLY if you need to replace or repair an existing certificate.
    -To remove an old certificate before installing a replacement certificate.
    or
    -To remove a certificate if an incorrect password was entered when trying to install it.

    1. Close Outlook for Mac.

    2. Open the Keychain Access system utility on your Mac.

    3. Click login at upper-left of the navigation menu, then click the My Certificates filter along the top of the window.

    4. Multi-click the certificate with [Your Name] on it, then click Delete ‘[Your Name]' from the pop-up menu list.

    5. Click the Delete button in the “Are you sure…?” prompt window.

      Image Modified

    6. When prompted for admin authorization type in your Mac account admin password or press the TouchID button on your Mac.

    7. Quit the Keychain Access system utility application.

  3. Mac OSX: install the new certificate

    1. Switch to Finder and locate your certificate file “MPSYYYYMMDD######.pfx”

    2. Double-click on the certificate file.

    3. Type or copy & paste in the certificate password when prompted, then click OK or press [return] on your keyboard.

      Image Modified

    4. The Keychain Access system utility application will open.

    5. [Control]+click (or right-click) on your globalsign certificate in the right side of the Keychain Access window, then click Get Info from the pop-up menu.

      Image Modified

    6. In the certificate Info window click the arrow at the left of Trust to show the list of Trust options.

    7. Change the setting for When using this certificate to Always Trust (from “Use System Defaults.”)

      Image Modified

    8. Close the Certificate Info window by clicking the red “X” dot at upper-left of the window.

    9. Quit the Keychain Access system utility application.

  4. Log out (or restart your computer) and then login to your Mac account once again. (Keychain Access login changes require a log out then login to become effective.)

  5. Enable digital signing and encryption in Outlook for Mac.

    1. Open Outlook for Mac.

    2. Click Tools then click Accounts (either via the Outlook menu bar or on the Outlook toolbar ribbon.)

      Image Modified

    3. Your Exchange/Office 365 Account needs to be selected if you have multiple accounts set up.

    4. Confirm that your email address field matches the one listed in the certificate. Edit the field to make it match if necessary. E.g. username@uwaterloo.ca versus firstname.lastname@uwaterloo.ca

    5. Click the “Advanced…” button at lower-right.

      Image Modified

    6. Click the “Security” tab at the upper-right of the Advanced window.

    7. Digital signing:

      1. Certificate: select [Your Name]

      2. Signing algorithm: SHA-256

      3. Sign outgoing messages: when checked all email you send defaults to include a digital signature. You can uncheck this option if you prefer to manually enable your digital signature only when needed via the Options tab of an email message composition window.

    8. Encryption:

      1. Certificate: select [Your Name]

      2. Signing algorithm: AES-256

    9. Certificate authentication:

      1. Client authentication: [Your Name]

    10. Click the OK button at lower-right to close the Advanced window.

      Image Modified

    11. Close the Accounts window by clicking the red “X” dot at upper-left. This will also save any changes.

Note: It is necessary to install the S/MIME email certificate on a Windows PC and using Outlook for O365 for Windows to synch the certificate to the Global Address List on the Microsoft hosted server.

...

Filter by label (Content by label)
showLabelsfalse
max5
spacesISTKB
sortmodified
showSpacefalse
reversetrue
typepage
cqllabel in ( "ist" , "knowledge" , "base" , "email" , "encryption" , "certificate" , "globalsign" , "s/mime" , "mac" , "outlook" ) and type = "page" and space = "ISTKB"
labelsvirtual meetings teams
Info

Need help?

Contact the IST Service Desk online or 519-888-4567 ext. 44357.

Tip

Article feedback

If you’d like to share any feedback about this article, please let us know.