Installing an email certificate - Outlook for Windows

Owned by Natasha Jennings
Last updated: Apr 12, 2023 by Barb Yantha
4 min read

Before you install an email certificate

Make sure you request and download your S/MIME certificate first. To request a S/MIME Certificate for your University of Waterloo Email Address, visit the self-service GlobalSign Client Certificate request page.

Learn more about how to request and download a GlobalSign S/MIME certificate

The certificate must be issued to the same email you are sending from. If the certificate was issued to your friendly email (e.g. firstname.lastname@uwaterloo.ca), please enter it into the Full Email Address field, otherwise you can enter your 8-character username @uwaterloo.ca (e.g. myuserna@uwaterloo.ca).

How to install an email certificate

  1. Navigate to the folder where your downloaded certificate is stored. Click on the file to open. 




  2. The Certificate Import Wizard window will open. Storage location should be set to Current User. Click Next



  3. Click Browse to locate your certificate file if it is not already auto-populated. Click Next.




  4. Enter your certificate password. Click Next



  5. Select the Automatically select the certificate store based on the type of certificate option. Click Next.



  6. Your certificate will finish importing once you click Finish. In the pop-up window, click OK.






  7. In Outlook, go to File > Options. In the Outlook Options window, click on Trust Center and click Trust Center Settings.




  8. Click on Email Security > Settings




  9. Select your certificate from the Security Settings Name drop-down menu. In the Hash Algorithm drop-down menu, select SHA256. Click OK.





  10. In the Email Security settings, select any or all of the following checkboxes below if desired. Click OK when done.

    1. Encrypt contents and attachments for outgoing messages - encrypts all content and attachments for outgoing messages.

      1. Note: You cannot send encrypted emails to individuals who do not have their digital signature activated.

    2. Add digital signature to outgoing messages - adds your digital signature to all outgoing messages

    3. Send clear text signed message when sending signed messages - Allows recipients who do not have S/MIME security to be able to read your encrypted message. This checkbox is selected by default.

    4. Request S/MIME receipt for all S/MIME signed messages - Verifies your digitally signed message was received unaltered by the intended recipients. You can request email notifications for which recipient opened your message and when your message was opened. 





  11. To encrypt an email message individually:

You cannot send encrypted emails to individuals who do not have their digital signature activated.

 

12. When composing a new email, go to Options > Encrypt. Select Encrypt with S/MIME.

 

13. Publish your certificate to the Global Address List (GAL). Your certificate needs to be published in the GAL in order to send encrypted messages. 

It may take up to 48 hours for your Digital ID/certificate to be published in the GAL.