How to send/receive encrypted email from Microsoft Outlook


An external user is someone who has their email hosted outside the domain and control of the Hermes Secure Email Gateway. For example, an external user would have their email hosted with an email service like Gmail, yahoo etc. Typically, this external user has the need to send/receive encrypted email with someone who is inside the domain and consequently the control of the Hermes Secure Email Gateway.

Prerequisites and Goals

  • The external user will be using Microsoft Outlook to send/receive email

  • The external user has been issued a secure email certificate from the Hermes Secure Email Gateway

  • The external user has installed the secure email certificate into their Microsoft Outlook

  • The internal user has sent a signed email to the external user and the external user has imported the internal user's certificate from that signed email into their Outlook contact for that internal user

  • The external user has configured their Outlook to send signed/encrypted email to the internal user

If all of the above sounds complicated, don't worry. This guide will walk you through every step of the way to get everything configured correctly.


For the purposes of this tutorial, we will use two email accounts. First, will be the internal user account (i.e. someone inside the domain and control of the Hermes Secure Email Gateway) and will be the external user account (i.e. someone outside the domain and control of the Hermes Secure Email Gateway). The reason we make this distrinction is because sending secure email from internal users is automatic, however sending secure email from external users requires configuring Outlook first.

This guide also assumes you have already received an email with an attached key.pfx file. A key.pfx file is nothing more than a password protected certificate that you have to install into your Outlook email client. In order to install the certificate, you must have the password which should had been given to you already. If not, please contact the internal user you will be communicating with securely and ask for the certificate password.


  • Open the email titled Your email encryption certificatewith the attached key.pfx file (Figure 1)

Figure 1

  • Double-click on the attached key.pfx file. If you get an opening attachment warning, click the Open button (Figure 2)

Figure 2

  • On the Certificate Import Wizard window, click the Next button (Figure 3)

Figure 3

  • On the File to Import window, simply click the Next button again (Figure 4)

Figure 4

  • On the Password window, enter the certificate password you were provided in the Password field, ensure Enable strong private key protection and the Mark this key as exportable options are unchecked and ensure the Include all extended properties option is checked and click the Next button (Figure 5)

Figure 5

  • On the Certificate Store window ensure that Automatically select the certificate store based on the type of certificate is selected and click the Next button (Figure 6)

Figure 6

  • On the final Completing the Certificate Import Wizard window simply click the Finish button (Figure 7)

Figure 7

  • You should get a The Import was successful window. Click OK to close that window (Figure 8)

Figure 8

  • Next, back in your Outlook, click on Tools >> Trust Center (Figure 9)

Figure 9

  • In the Trust Center window, click on the E-mail Security option and then ensure Encrypt contents and attachments for outgoing messages is checked and press the Settings button (Figure 10).

Figure 10

  • Next, in the Change Security Settings window, click on the Choose button (Figure 11)

Figure 11

  • Next, in the Confirm Certificate window, simply click the OK button (Figure 12)

Figure 12

  • Next, back in the Trust Center window, you will notice that in the Default Setting section, it's no longer blank and it has been filled by My S/MIME Settings.. followed by your email address. Your Outlook is now ready to send encrypted messages. Click the OK button to exit the Trust Center window (Figure 13)

Figure 13

  • Next, back in your Outlook window, click New to compose a new email message. In example message below, notice the new envelope with the padlock icon in the options section of the message. This means that Outlook will try to encrypt this message destined for (internal user) (Figure 14).

Figure 14

  • Click the Send button and you will immediately get an Encryption Problems window (Figure 15). The reason this happens is because there is no personal certificate saved for in your Outlook contacts so it's only possible to send an unencrypted message to that individual. Click the Send Unencrypted button and the message will go out as normal.

Figure 15

  • In order to send an encrypted message to that individual you need to save that individual's personal certificate into your Outlook contacts. Please note this is NOT the same certificate you saved earlier in this guide. That was your own certificate. So, please have the internal user simply send you an email. Once you receive that email, double-click it and open it. Please note that you MUST double-click the email message since the email is encrypted it will NOT preview in Outlook. Once you have the message open you willl notice a padlock icon and a ribbon icon to the right of the message. This means that the message has been encrypted and signed by the sender (Figure 16).

Figure 16

  • Next, right-click on the From field on the message and on the resultant drop-down menu click on Add to Outlook Contacts (Figure 17)

Figure 17

  • Next, on the Contact window, make any necessary changes you may want and click on the Save & Close window (Figure 18)

Figure 18

  • Saving the contact in your Outlook contacts also saves that individuals personal certificate. Once that certficate is saved in your Outlook contacts, you will be able to send encrypted emails to that individual without Outlook complaining.