What is a Global Address List (GAL)?
A Global Address List (GAL) is a centralized directory of email addresses and contact information within an organization’s email system or directory service. It serves as a comprehensive and easily accessible repository of all email users, making it a valuable resource for efficient communication and collaboration.
When an Exchange Online organization is set up, it comes equipped with a GAL called Default Global Address List, serving as the main directory for all the organization’s recipients. There may be circumstances requiring the establishment of multiple GALs, such as when there’s a need to restrict visibility between different groups of recipients.
When S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates are added to a GAL, several benefits are gained which are explained in the next section.
What are the Benefits of Adding Your S/MIME Certificate to a Global Address List (GAL)?
- Streamlined Communication: When all public keys are readily available in a GAL, employees can immediately start sending encrypted emails to each other. This eliminates the need for the initial exchange of signed emails to share public keys, thereby streamlining the process of secure communication.
- Mitigation of Phishing Attacks: By making S/MIME certificates readily available in a GAL, it becomes easier for users to identify phishing attempts and malicious emails, as they can quickly verify the sender’s identity.
- User Convenience: If S/MIME certificates are published in GAL, it makes it more convenient for users to find and utilize S/MIME certificates. They can send and receive secure emails without the hassle of managing certificates separately.
- Reduction in Operational Delays: Without the need for initial key exchanges, communication can occur more swiftly. This reduction in procedural steps can lead to decreased operational delays in situations where immediate secure communication is necessary.
- Scalability: As the organization grows, adding new users and their certificates to a GAL is a scalable solution for maintaining secure email communications across an expanding workforce.
Publish your S/MIME certificate to a Global Address List (GAL)
- Launch Microsoft Outlook.
- Click File on the top menu.
- Click Options.
- Click Trust Center, followed by Trust Center Settings…
- Click the Email Security tab. Under the Encrypted email section, hover to Default Setting and choose the S/MIME certificate you want to publish to GAL by clicking the drop-down arrow. If there is another certificate you want to import to Outlook, click Settings… button.
- Under Digital IDs (Certificates) section, click the Publish to GAL… option.
- Outlook will prompt you to confirm publishing your certificate to GAL. Click OK.
- A prompt will appear asking for permission to access your private key. Click Allow.
- After a brief loading period, you will see a notification that your certificate has been successfully published.
There are no valid security settings to publish
- Some users might see this error: There are no valid security settings to publish. Would you like to remove your previously published settings? Click No and click the Settings… button.
- Under Certificates and Algorithms, make sure that your Signing Certificate and Encryption Certificate are the same. The Hash Algorithm should be SHA256. The Encryption Algorithm should be AES (256-bit).
Examine if a different certificate is assigned to either option. Place the correct one by clicking the Choose… button.
- Click More choices to show all available certificates that can be used. Choose the correct certificate and then click the OK button.
- Click the Publish to GAL… button again and see if the error is resolved.
Verify if your certificate has been added to the Global Address List (GAL)
- On Microsoft Outlook, click the icon for Address Book.
- Under the Address Book section, click the drop-down arrow and select Global Address List.
- Search for the name of the contact and click Add to Contacts.
- Click the Certificates tab. Double-click the highlighted name of the S/MIME certificate and the details of the published certificate will appear.