Skip to main content

How to send/receive encrypted email from Microsoft Outlook

Guide has been updated for Outlook for Office 365/Outlook 2019


This guide will help you with configuring Outlook to send encrypted e-mail using S/MIME.

For the purposes of this guide, an external user is someone who has their email hosted outside the domain and control of the Hermes Secure Email Gateway. For example, an external user would have their email hosted with an email service like Gmail, yahoo etc. Typically, this external user has the need to send/receive encrypted email with an internal user i.e. someone who is inside the domain and consequently the control of the Hermes Secure Email Gateway.


This guide assumes you have already received an email with an attached .pfx file. A .pfx file is nothing more than a password protected certificate that you have to install into your Outlook email client. In order to install the certificate, you must have the password which should had been given to you separately.


  • Open the email with the subject Your PFX Certificate File with the attached .pfx file (Figure 1)

Figure 1


  • Double-click on the attached key.pfx file. If you get an opening attachment warning, click the Open button (Figure 2)

Figure 2


  • On the Certificate Import Wizard window, ensure Current User is selected and click the Next button (Figure 3)

Figure 3


  • On the File to Import window, simply click the Next button again (Figure 4)

Figure 4


  • On the Private key protection window, enter the certificate password you were provided in the Password field, ensure Mark this key as exportable options is  checked and click the Next button (Figure 5)

Figure 5


  • On the Certificate Store window ensure that Automatically select the certificate store based on the type of certificate is selected and click the Next button (Figure 6)

Figure 6


  • On the final Completing the Certificate Import Wizard window simply click the Finish button (Figure 7)

Figure 7


  • You should get a The Import was successful window. Click OK to close that window (Figure 8)

Figure 8


  • Next, back in your Outlook, click on File --> Options  (Figure 9)

Figure 9


  • In the Outlook Options window, click on the Trust Center option on the left and then click on the Trust Center Settings button (Figure 10).

Figure 10


  • In the Trust Center window, click on Email Security a under Encrypted email section click the Settings button (Figure 11)

Figure 11


  • In the Change Security Settings window, enter a friendly name of your choosing in the Security Settings Name field (Figure 12).

Figure 12


  • Next, click on the Choose button on the Signing Certificate section (Figure 13).

Figure 13


  • On the Select a Certificate window, click on More choices (Figure 14).

Figure 14


On the More choices list of certificates, select the certificate with your e-mail address, ensuring the Valid From field has an end date in the future and then click on the OK button (Figure 15). It's possible you have more than one certificate installed in your machine, so you must ensure you select the correct certificate. If you are unsure, ask your for help with your IT department.

Figure 15


  • Next, back in the Change Security Settings window, the Signing Certificate and the Encryption Certificate sections should be filled in with your e-mail address. Click the OK button (Figure 16).

Figure 16


Next, back in the Trust Center window, click the OK button to return back to Outlook (Figure 17).

Figure 17


  • Next, back in Outlook Home window, click New Email to compose a new email message. In the compose message window, click on Options and note the Encrypt and Sign buttons (Figure 18).

Figure 18


  • In order to send an encrypted message to someone, you must first have that person's public key. That's usually accomplished by having that person send you a signed e-mail message which you can then import that person and their public key into your Outlook contacts.

  • Once you receive a signed e-mail message, double-click it to open that message and ensure a the digital signature icon on the top-right hand corner of the message (Figure 19).

Figure 19


  • Next, right-click on the name of the sender on the message and on the resultant drop-down menu click on Add to Outlook Contacts (Figure 20)

Figure 20


  • Next, in the Contact window, click on the Certificates button (Figure 21)

Figure 21


  • Ensure that a certificate (public key) appears under the Certificates (Digital IDs) section and click the Save & Close button to save the contact in your Outlook Contacts (Figure 22).

Figure 22


  • Since we now have the person's public key, we can now send encrypted e-mails to them. From the Outlook Home screen, click New Email to compose a new message to that person. In the To field, enter the person's e-mail address or select the previously saved contact from your Outlook contacts, click on Options and ensure Encrypt is selected and optionally the Sign button is selected (Sign is not required in order to send an encrypted e-mail) and then click the Send button (Figure 23).

Figure 23


  • If you did not get an error from Outlook about sending an encrypted e-mail, then you configuration has worked.