Are you looking to secure Outlook emails? Here is an ultimate guide on downloading, installing, and using your email signing certificates in the Outlook account.

Cyberattacks are increasing, and attackers try to fetch sensitive information using different means. For example, email is one of the primary mediums for hackers to attack organizations. According to a report, high-risk email threats increased to 101% in 2021. Therefore, you should secure your email communications to avoid cyber threats. 

Email signing certificates can help secure communication between the organization and external parties. It allows businesses to sign emails and verify the sender’s identity through a certificate authority (CA) vetting. 

Businesses can encrypt all the contents of emails with such SMIME Certificates as attachments, messages, and more. Therefore, the security of your communication must install an email singing certificate to your accounts like Microsoft outlook. We will discuss installing such certificates on your outlook account and the significance of email signing.

Let us start by understanding the email signing certificate.

What is an email signing certificate?

An email signing certificate is a critical public infrastructure (PKI)-based digital signature that enables organizations to sign and encrypt emails. It uses asymmetric encryptions where security keys for encryptions and decryption processes are different. 

An email signing process ensures that the contents of your message are secure both at the receiver endpoint and during transit. In addition, it offers security against man-in-middle (MITM) attacks.

So, how does an email signing certificate work?

Email signing certificate uses two types of security keys public and private. While the public key encrypts an email, the private key allows the recipient to decrypt it. The public key is available publicly, but the private key is assigned to the desired recipient only. 

Let’s first understand the email signing process and installation on the Outlook account.

Installation of emails signing certificate on Outlook

The email signing process begins with generating a certificate signing request (CSR). You can generate CSR through a utility tool like OpenSSL. However, the best way to generate CSR is to use order detail, but you need to be accurate with data, or else it can be rejected. So, let us comprehend the entire process gradually.

Step 1- Generating the email signing request.

OpenSSL is an open-source utility tool that you can use to generate CSRs and private keys for X.509 certificates. Especially if you are using operating systems like Linux or macOS, OpenSSL comes preinstalled. In Windows, you may need a Linux subsystem for OpenSSL.

You can use a command to generate CSR with the OpenSSL,

openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out YourCSR.csr

Every element in the command has its significance,

  • openssl is the main command
  • req is an OpenSSL utility you need to generate CSR
  • -newkey rsa:2048 is essential for the generation of 2048-bit-based private keys
  • -keyout PRIVATEKEY.key helps in specifying where you will save the private key file
  • Similarly -out YourCSR.csr helps in knowing where to save the CSR file.

The vetting process begins after your CSR and the private key is generated.

Step-2 CA verification stage

A CA will verify your details mentioned in the CSR to issue the email signing certificate. However, it becomes crucial to find a trustworthy CA. For example, Sectigo is a leading certificate authority that provides different certificates. It offers various options for email security for enterprises, startups, and small businesses. 

Once CA verifies your credentials and issues a certificate, you will receive an email with the bundle containing all the files required for the installation process.

Step-3 Download and install the email signing certificate in the Outlook account

The first part of the installation process involves downloading the certificate file in a PKCS#12 format. CAS like Sectigo will provide a link for downloading the file in your email. Next, you will be asked to create a password for the file and save it. 

For example, the process is straightforward if you want to install the Sectigo PAC Enterprise certificate on your Outlook account. The reason to choose Sectigo is faster issuance, ease of download, and installation. However, some CAs may not provide the certificate file in a PKCS#12 format. 

Here is how you can use OpenSSL to convert the certificate file to PKCS#12 format,

Open the command line and execute the following code. One key to successful conversion to PKCS#12 format is matching the file name. So, your certificate file name and the one you use in a command need to match.

openssl pkcs7 -print_certs -in mycertificate.p7b -out mycertificate.cer

openssl pkcs12 -export -in mycertificate.cer -inkey privateKey.key -out mycertificate.pfx -mycertfile CACert.cer

Now that you have PKCS#12-format file ready, it is time to install it.

Step-4 Installing the email signing certificate file in Outlook

The process of installing your Sectigo PAC Enterprise (SMIME) begins by login into your Outlook account. Now search for the options menu by clicking on the sidebar.

Click on the “Trust Center” option in the settings menu.

Now click on the trust center settings options, and a new window will open.

Select the default settings option and provide details in the new wizard

Here, set the default setting for your email signing certificate to S/MIME. Now it is time to select the Sectigo PAC Enterprise (SMIME) certificate in the “signing certificate” option. Once you click on the browse option to choose the signing certificate following pop-up window will appear on the screen.

Once you click on “OK,” your email signing certificate will be installed in the Outlook account. Next, you can start signing your emails for higher security.

Step-5 Signing your emails

When composing your emails, go to the “options” menu and choose “more options.” A new window will pop up with different fields.

Now check for “change security settings for this message” and choose the button below with the text, “Security Settings.”

A new wizard will open where you need to tick the box specifying whether you want to encrypt the message and its attachments or not. Next, tick on the option of adding a digital signature to your email. Now add the installed certificate by clicking on the option “change setting.”

Click on “OK,” and your email will be signed.


Email signing certificates are necessary for businesses that deal with exchanging sensitive information in their communications within or outside the organization. Data leaks can be dangerous as it leads to the loss of vital information, business secrets, and a lack of user trust.

Therefore, installing a digital certificate in your Outlook accounts is best and secure the emails. You can use our five-step approach for instant installation and signing of emails. Further, if there is any doubt about any steps, comment below and let us know!

Request a Free Consultation