How to Install and Use a Digital Certificate for Sending Encrypted Email

The following is text from a document I wrote for folks at work to setup digital certificates in Outlook. This also works in Outlook Express, but we all know the caveats with OE. By default, email is sent in plain text and anyone with a sniffer can view the content of an email. The purpose of using digital certificates is to ensure “unreadability” of email on the wire. The nice thing about using certificates is only the desired recipient can read the email (when you encrypt) however, the drawback of the initial setup for both sender and recipient can be daunting for the non-technically inclined…

Abstract:         This document provides instructions on how install and use a digital certificate for the purpose of signing and encrypting email. Signing an email means you guarantee your identity to your intended recipient. Encrypting an email guarantees that the contents cannot be viewed on the wire during transport.

Assumption:   You are using Outlook or Outlook Express as your email client for encrypting and signing of email

Step 1, Request Certificate: Go to the following URL and apply for the comodo free email certificate: When registering, use the email address that you will send encrypted email from. Leave the “Advanced Security Options” on the default. You do not need to “opt in” for their newsletter, unless you want email sent to you regarding their products. Once you finish entering the required data in the form, click “agree and continue” at the bottom. Say “yes” to the pop up dialogue window. Step 2, Install Certificate: Once you receive your confirmation email (this will take 5 to 10 minutes) from comodogroup, locate your “collection password” in the email and copy it. Click on the “Collect and Install Certificate” button they provide in the email. Enter your email address that you registered with and paste your “collection password” where prompted. Click “Submit and Continue”. Say “yes” to any prompts that ask you about installing the certificate.Now that you have the certificate installed you need to enable the sending of your digital ID. This is the first in a two-step process for sending encrypted email. The process is similar (with minor differences) for both Outlook and Outlook express.

Step 3, Enabling Digital ID: Open Outlook or Outlook Express (OE) and go to Tools then Options then the Security Tab. Check the box that says Add digital signature to outgoing messages. Click “Okay” at the bottom to close the window and initiate the change. In order for you to send encrypted email you must have your intended recipient’s digital ID registered in your email client under the Contact List (in Outlook) or the Address Book (in OE). This means they will need to follow the same process outlined in this document and supply you with their digital ID. You cannot send encrypted email until they have given you their digital ID and you have registered it in your email client’s contact list.

Step 4, Sending Digital ID: Open Outlook (or OE) and compose a new email. You will notice a small icon that looks like this:  in your toolbar and it should be checked by default. When you send the email, your digital ID will be sent along with it. Your recipient will need to register your digital ID by doing the following: Double-click the email to view it in a separate window. Then, right-click on the sender’s name and select “Add to Contacts” (or “Add to Address book” in OE) from the cascade menu. This will automatically place the contact in your list and register their digital ID.
You can check that the digital ID is properly registered by opening the contact and selecting the Certificate tab. You should see their certificate. Once this step is done for both individuals who wish to send and receive encrypted email, you may proceed to step 5. Read the following two steps before selecting which process you wish to use.

Step 5, Enabling Encryption Option 1 (always on): Open Outlook or Outlook Express (OE) and go to Tools then Options then the Security Tab. Check the box that says Encrypt contents and attachments for outgoing messages. Click “Okay” at the bottom to close the window and initiate the change. When you compose and send a message to someone for whom you do not have a registered digital ID, you will receive a warning stating there was a problem with sending to the recipient. The warning will offer that you send the email as “unencrypted”. This option will still send your digital ID, but not encrypt the email. If you receive this error and you know you have the person’s digital ID registered, make sure you are selecting your recipient from the Contact List or Address Book. If you only have one or two people that you need to send encrypted email to, use the following option.

Step 6, Enabling Encryption Option 2 (selective): Open Outlook or Outlook Express (OE) and compose a new email. You should see another new icon in your toolbar that looks like this:   Click this icon to enable the sending of an encrypted email. Make sure you select the recipient from your Contact List or Address Book for whom you have previously registered their digital ID.
Final notes: Your digital email certificate is good for one year. At the end of one year, you can go to and re-apply for the same certificate. Also, it is strongly recommended that you export your certificate to a safe place in case you need to reload it later. To export, follow these instructions: 
Start Internet Explorer, select Tools, Internet Options, Content, Certificates.
On the Personal Certificates tab, click on the certificate to export and Select Export.
Then follow the Export wizard.
When requested, select ‘Yes, export the private key’, and ‘Include all certificates in the certification path, if possible’.
Type a password which you can remember later.
Then select the save location and give the file a name, but leave the ‘Type’ as ‘Personal Information Exchange (*.pfx)’.
Once finished the file and associated private key is saved as a pfx file.

How do I install / import my certificate?
Copy the pfx file to the machine it is to be installed and then double-click that file.
Follow the wizard and provide the password when requested.
Let the wizard automatically select the locations for the files to be imported to.

Leave a Reply

Your email address will not be published. Required fields are marked *