
I have some questions regarding S/MIME in Outlook and certificates in general. Some questions arose about the possibility of digitally signing emails in my company. As I'm new to the topic, I had to do some research first.

I found out that you can use the S/MIME option in Outlook to digitally sign your emails. The problem lies with the user certificates. I only have a wildcard certificate available, which we use for web services. I found out that it won't do any good to use this certificate for S/MIME purposes, since the recipient can't really verify the signature against the sender's email (I don't know the exact statement) and therefore the email could be dropped/rejected. And I don't think it would be good to use only 1 certificate for all users in the company.

What are the best practices to get S/MIME certificates for about 100 users? Do I have to buy them or may I derive new certificates from the existing wildcard certificate if that's even possible? The certificates have to be trusted for internal and external users.

Thank you in advance!

-flos12

I think I found the answer in https://serverfault.com/questions/808291/email-signing-using-commercial-ssl-certificate?rq=1 . Saw this thread a little bit too late. – flos12 Jan 09 '19 at 14:50

1 Answer

In my understanding, S/MIME uses certificates for signing and message encryption.

If using a Windows Enterprise CA, it may require the following steps:

a. Create certificate templates for signing and encrypting email messages.

b. Request user certificates using those templates.

c. Install the certificates on the client.

d. Use S/MIME via the certificates.

I found this guide about S/MIME.

I noticed you had a wildcard certificate; I'm not sure if it is a third-party trusted server certificate. However, if you want to use S/MIME, you may need a client certificate. You may check this with the certificate vendor.

Here is an article about client certificates that you may refer to.

Shaw
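As an added illustration (not part of the question or the answer above), this PowerShell function checks the properties that separate an S/MIME client certificate from a web-server wildcard certificate: the Secure Email extended key usage, a signing key usage, and an email address in the certificate that matches the sender. The function name `Test-SmimeSigningCert` and the address `alice@example.com` are hypothetical placeholders.

```powershell
# Added example, not code from the thread. Reports why a certificate is or is not
# usable for signing mail as a given sender.
function Test-SmimeSigningCert {
    param(
        [Parameter(Mandatory)]
        [Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$SenderAddress
    )

    # Extended Key Usage: if the extension is present it must list
    # Secure Email (1.3.6.1.5.5.7.3.4) or anyExtendedKeyUsage (2.5.29.37.0).
    $allowedEku = '1.3.6.1.5.5.7.3.4', '2.5.29.37.0'
    $eku = $Certificate.Extensions |
        Where-Object { $_ -is [Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $ekuOk = $true
    if ($eku) {
        $oids  = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        $ekuOk = [bool]($oids | Where-Object { $allowedEku -contains $_ })
    }

    # Key Usage: if present, a signing bit must be set.
    $ku = $Certificate.Extensions |
        Where-Object { $_ -is [Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
    $kuOk = $true
    if ($ku) {
        $signBits = [Security.Cryptography.X509Certificates.X509KeyUsageFlags]'DigitalSignature, NonRepudiation'
        $kuOk = ([int]$ku.KeyUsages -band [int]$signBits) -ne 0
    }

    # Email address from the SAN (rfc822Name) or the subject; a wildcard DNS name has none.
    $nameType  = [Security.Cryptography.X509Certificates.X509NameType]::EmailName
    $certEmail = $Certificate.GetNameInfo($nameType, $false)
    $emailOk   = $certEmail -and ($certEmail -eq $SenderAddress)   # -eq ignores case

    [pscustomobject]@{
        Subject         = $Certificate.Subject
        SecureEmailEku  = $ekuOk
        SigningKeyUsage = $kuOk
        EmailInCert     = $certEmail
        EmailMatches    = [bool]$emailOk
        HasPrivateKey   = $Certificate.HasPrivateKey
        InValidity      = ((Get-Date) -ge $Certificate.NotBefore) -and ((Get-Date) -le $Certificate.NotAfter)
        ChainTrustedHere = $Certificate.Verify()   # trust on this machine only
    }
}

# Check every certificate in the current user's personal store (placeholder address).
Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Test-SmimeSigningCert -Certificate $_ -SenderAddress 'alice@example.com' }
```

`ChainTrustedHere` only reflects the trust store of the machine running the check; external recipients will trust the signature only if the issuing CA chains to a root they already trust.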