Web Analytics

Installing an S/MIME Certificate and Sending Secure Email in Outlook on macOS

Compare Email, Client, And Document signing certificates from SSL.com, starting at just $20.00 per year.

COMPARE CERTIFICATES

These instructions detail how to install an S/MIME certificate in macOS and use it to send secure email messages with Microsoft Outlook.

Download and install your S/MIME certificate

This section assumes you will be installing a Personal Basic or Personal Pro certificate in Keychain Access. If you have a Business Identity certificate shipped on a YubiKey FIPS, please read and follow these instructions for installing an S/MIME certificate on your YubiKey, then skip ahead to Configure Outlook.
  1. Download a PKCS#12 file with your certificate from your SSL.com account by clicking the link supplied in your Certificate Activation Link email and following the on-screen instructions in your web browser. You will be prompted to enter a password before downloading the file.

    Note: when downloading your certificate it is possible to choose between the RSA and ECDSA algorithms via the Algorithm drop-down menu. However, ECDSA keys cannot be used for email encryption, so it’s best to leave this set to RSA.
  2. In the Finder, double-click the PKCS#12 file to open the Keychain Access application (The filename extension is .p12). Alternately, you can drag the file to Keychain Access, located at /Applications/Utilities/Keychain Access.app, or open Keychain Access, select File >> Import Items… from the drop-down menus, then navigate to the file.Certificate in Finder
  3. When prompted, enter the password you used when retrieving the PKCS#12 file from SSL.com.
    Password prompt
  4. The certificate is now installed on your computer and is available for use by Apple Mail and other applications.
    Installed certificate

Configure Outlook

  1. Open Outlook and select Tools > Accounts from the menu.
    Accounts
  2. Select the account your certificate covers, then click the Advanced button.
    Select account and click Advanced button
  3. Click the Security tab.
    Security
  4. Choose the certificate you want to use for signing from the Certificate drop-down menu under Digital Signing. Note that if you are using a Business Identity certificate installed on a YubiKey, you can choose that key for signing. If so, make sure that the YubiKey is plugged into the computer when sending signed email.
    Choose certificate for digital signing
  5. Choose your default email signing preferences. It is recommended to check all three boxes.
    Set signing preferences
  6. Next, choose a certificate for encryption from the Certificate menu under Encryption. For most users, you can use the same certificate you selected for signing. If you are signing with a Business Identity certificate on a YubiKey, you will need to install a separate S/MIME certificate for encryption. Please read this how-to for more information.
    Choose encryption certificate
  7. Use the checkbox labeled Encrypt outgoing messages to set your default encryption preferences. Since you can only send an encrypted message to a person if you have their public key, it makes more sense to leave this unchecked.
    Set encryption preferences
  8. Click the OK button to save your preferences.
    Click the OK button
  9. Close the Accounts window.

Send secure mail

  1. Create a new message in Outlook. Note that if you set your preferences to sign email by default, you will see a message saying that “This message will be digitally signed.”
    This message will be digitally signed
  2. If you want to change the digital signature and encryption settings for the message, select the Options tab, then use the Encrypt and Sign buttons to toggle these features on and off. 
    Set signing and encryption options
  3. If you try to send an encrypted message to an email address that you do not yet have a public key for, Outlook will present a warning dialog allowing you to send the message unencrypted. To exchange public keys with another person, simply exchange signed, unencrypted email messages.
    Missing encryption certificate
  4. The first time you sign a message in Outlook with a private key installed in Keychain Access, macOS will prompt you for permission. Enter your macOS login password, then click the Always Allow button so that the OS will remember your decision. Note that if you are using a Business Identity certificate installed on a YubiKey you will be prompted for your PIN. 
    Give OS permission to use private key
Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.

Subscribe To SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com and stay informed of the latest changes about digital identity and encryption that can impact and enhance your life.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.