Signing and encrypting email messages with X.509 certificates
HCL Traveler for Microsoft Outlook (HTMO) supports Domino signing and encryption/decryption of emails exchanged with other Domino email users. Beginning in HTMO 3.0.1, end-to-end encryption and signing via native Microsoft Outlook X.509 certificate handling is also supported.
A user can sign messages using their X.509 private key, encrypt messages using the recipient's X.509 public key, and decrypt received messages using their X.509 private key. The native Outlook processing encodes secured emails using S/MIME. A message can be secured using either Domino signing/encryption or S/MIME signing/encryption, but not both.
To encrypt or sign an email using S/MIME, open the Options tab while composing the email in Outlook to see the Encrypt and Sign icons. Those icons appear once the X.509 certificates are properly installed.
The Traveler server configuration value NTS_SMIME_SUPPORT=true must be set to enable this function. For more information, see Notes.ini settings.
Prerequisites
- Traveler 11.0.1 or higher
- X.509 public/private keys generated for each user
The following steps describe how to configure your HTMO Outlook Profile to send X.509 signed messages.
Installing the private key in Outlook for signing mail
- Make sure you have the following:
  - Your private key in either .p12 or .pfx format
  - The certificate password
- In Outlook, select .
- Select Import existing Digital ID from a file, browse for the .p12 file, enter the certificate password, and hit OK.
- For Importing a new private exchange key, leave the default (Medium) and hit OK.
- On the "Security Warning" popup asking Do you want to install this certificate?, hit Yes.
- Select . Uncheck all options.
- Select Settings. Change Security Settings should be filled in with the correct defaults (all checkboxes checked), but if not, select appropriate settings. Hit OK twice to exit back to Outlook's mail screen.
You should now be able to see Outlook’s option to Sign a message.
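If the Sign option does not appear after the import, the Digital ID file itself is worth checking. The following script is an added example, not part of the HCL documentation: it uses the OpenSSL command line (assumed to be installed, version 1.1.1 or later) to confirm that a .p12/.pfx file holds a matching private key and an unexpired certificate for the user's address that is valid for S/MIME. The address alice@example.com, the password demo-pass and the self-signed certificate are constructed sample values.

```shell
#!/bin/sh
# Added example: sanity-check a Digital ID (.p12/.pfx) before importing it.
# The password is read from $P12_PASS so it never appears in the process list.
check_smime_p12() {   # usage: check_smime_p12 FILE EXPECTED_EMAIL
    p12=$1 email=$2 rc=0
    tmp=$(mktemp -d) || return 2
    crt=$tmp/cert.pem
    # 1. File opens with the password and holds a certificate bound to a key.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts \
        -out "$crt" 2>/dev/null
    if ! [ -s "$crt" ]; then
        echo "FAIL: no key-bound certificate readable (wrong password?)"
        rm -rf "$tmp"; return 1
    fi
    # 2. The private key in the file matches the certificate's public key.
    key_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes \
        2>/dev/null | openssl pkey -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$(openssl x509 -in "$crt" -noout -pubkey)" ] ||
        { echo "FAIL: private key missing or does not match"; rc=1; }
    # 3. Certificate names the mailbox address (subject or subjectAltName).
    openssl x509 -in "$crt" -noout -email | grep -qixF "$email" ||
        { echo "FAIL: certificate is not issued to $email"; rc=1; }
    # 4. Not expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; rc=1; }
    # 5. Key usage / extended key usage allow S/MIME signing and encryption.
    purposes=$(openssl x509 -in "$crt" -noout -purpose)
    for p in signing encryption; do
        echo "$purposes" | grep -q "^S/MIME $p : Yes" ||
            { echo "FAIL: not valid for S/MIME $p"; rc=1; }
    done
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] && echo "OK: $p12 is usable as an S/MIME Digital ID"
    return "$rc"
}

# Constructed sample input: self-signed test certificate for alice@example.com.
make_demo_p12() {     # usage: make_demo_p12 DIR  (writes DIR/alice.p12)
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Alice Demo" \
        -addext "subjectAltName=email:alice@example.com" \
        -addext "keyUsage=digitalSignature,keyEncipherment" \
        -addext "extendedKeyUsage=emailProtection" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -passout env:P12_PASS -out "$1/alice.p12"
}
```

To check a real file, export `P12_PASS` with the certificate password and call `check_smime_p12` with the file path and the user's mail address.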
Importing Public Certificates to local Outlook contacts for sending encrypted mail
To send S/MIME encrypted mail to others, their public keys must be present in the mail file's local contacts. Users can export public certificates from signed messages via Outlook as .p7b files, and then import these files into local Outlook contacts.
- From a signed message, click on the signature icon, then click on Details….
- Click View Details.
- Click View Certificate.
- Click Copy to File.
- Export to .p7b file format, and navigate through the remaining screens to save the file.
- Navigate to local contacts in Outlook (People), locate the contact (if it already exists, or create a new one), and navigate to the Certificates view.
- Import the previously exported certificate file and save the contact.
You should now be able to see Outlook's option to send an encrypted message to the recipient.