Product SiteDocumentation Site

5.10. Signing and encrypting messages

Since Zarafa 6.10 it is possible to use S/Mime certificates. Certificates enables the use of digitally signing emails and/or encrypting emails.
The description in this manual is the manual procedure. An automatic way to receive a certificate is to use Active Directory Services (ADS). The automatic method is not described in the client manual, but will be described in the server manual.

5.10.1. Retrieving a certificate

In order to get a certificate a registration at a Certificate Authority (CA) is needed. Multiple possibilities are available; one is to have the Active Directory (AD) act as a CA, the other is to subscribe to an independent CA, like CaCert ( Certificates via AD

The company’s AD is configured to act as a CA:
  1. Open Internet Explorer
  2. Go to the following URL: http://<domainserver>/servcrt. If the URL is different, ask the systems administrator for the correct URL.
  3. Click on Request a certificate and on the next page on User Certificate to generate a certificate.
  4. The certificate will be placed into Outlook automatically. Certificates via an independent CA

  1. Go to the site of the CA.
  2. Register the email address and create a certificate.
  3. Use Firefox to retrieve the certificate.
  4. In Firefox, go to Tools > Options > Tab Advanced > tab Encryption > button View Certificates.
    Certificate Manager
    Figure 5.14. Certificate Manager

  5. Select the correct Certificate and Click Backup.
  6. Enter a password.
  7. Save the certificate as a PKCS12 file.
  8. Open Outlook.
  9. Go to Tools (if Outlook 2003: Options) > Security Tab > Click Import/Export… > Click Browse…
  10. Select the correct .P12 file.
  11. Enter the previous password.
  12. Enter in the field Digital ID Name: the email address for which the certificate is meant.
  13. Click button OK twice.

5.10.2. Check encrypted email settings

  1. Go to Tools > Options > Security tab > click Settings….
  2. Check if the field Security settings Name: contains the S/MIME settings for the email address.
Security Settings
Figure 5.15. Security Settings

5.10.3. Using the certificate

After entering the certificate into Outlook it can be used to digitally sign outgoing emails or receive encrypted incoming emails.
When a new email or reply is opened two new icons will be present: images/OL_MailSign.png (the option to digitally sign messages) and images/OL_MailEncrypt.png (the option to encrypt the message contents and attachments).