S%2fmime Reader

by

The second component of S/MIME (encryption) entails that your email data — MIME data — is encrypted before it transmits from point A to point B (to/from a web server and email client). This encryption is done using a public key and the content of the message is then decrypted using the recipient’s corresponding private key. Setting up S/MIME for Exchange Online with Outlook Web App involves the following key steps: Configure S/MIME settings for Outlook Web App. Set up virtual certificate collection to validate S/MIME. Sync user certificates to Office 365 for S/MIME. Also have look at the following blog to know more detailed info about certificates. Solution 2: The Edge web browser does not support S/MIME. See my recommendation above to see how to use Internet Explorer to read and send your encrypted emails when using OWA / webmail. Information ( from Microsoft ): To understand the problem with OWA, Edge, and S/MIME you need to know the OWA S/MIME is an Active-X control.

Installing the S/MIME Certificate on your Apple Mac


Using S/MIME Client Certificates with Apple Mail and Outlook for OS X

You can use Client Certificates, also called 'S/MIME Certs' or 'Personal Certificates', with most e-mail clients to digitally sign or encrypt e-mail.
When you receive your certificate from InCommon, it will be encrypted in the PKCS 12 format (.p12 or .pfx), using the PIN you created for it at the time of request. You will need this pass-phrase to install the cert.
The Incommon Certificate Manager will deliver the certificate to the end-user in PKCS#12 file format (.p12 file). The PIN specified in the PIN fields is used to protect access to this .p12 file. The end-user will be asked for this PIN when he/she imports the certificate into the certificate store of their machine.

Installing in OS X

  1. Double-click the file downloaded from the InCommon Certificate Manager.
  2. OS X Keychain Access will prompt you for the certificate passphrase; enter the passphrase you created when you requested the certificate.

The certificate will be installed on your Mac and will appear in the 'My Certificates' section of Keychain Access. The certificate is now available for Apple Mail, Outlook, and other applications that can use client certificates.
Note: Your certificate is only available on the computer and user account where you install it. If you want your personal certificate on other computers or devices you will need to export it.

Exporting your certificate

  1. From the Applications folder, open the Utilities folder and then open Keychain Access.
  2. Select the key-chain where you installed your certificate; this will usually be the login key-chain.
  3. In the 'Categories' section, select Certificates. The right pane will display a list of all your installed certificates.
  4. Select the certificate associated with your name. You may have more than one personal certificate in your Keychain; select the one issued by 'InCommon Standard Assurance Client CA' with the latest expiration date.
  5. Right-click the certificate and select Export; alternatively, from the File menu, select Export Items.
  6. Select a location for export, such as your Desktop. The file name should end with .p12 and the file format must be 'Personal Information Exchange (.p12)'.
  7. Give your exported item a strong pass-phrase.
  8. Now you can transfer your encrypted certificate file to another computer using a USB key, email, or other file sharing method.

Using your certificate with Apple Mail

Use these instructions to enable Apple Mail to use client certificates to digitally sign and encrypt e-mail.
Enabling digital signing and encryption

If you have just installed your certificate on your Mac, close Mail and then restart it.
Begin composing an e-mail message. A 'Signed' icon, containing a check mark, should be in the lower right of the message header to indicate that the message will be signed. If the 'Signed' icon does not appear, select Customize in the lower left of the message header and add the 'Lock' and 'Signed' icons.

Signing E-mail
To send a signed message, verify that the 'Signed' icon has a check mark in it, and not an 'x'. If the 'Signed' icon shows an 'x', your message will not be signed.
You may not want to sign messages to e-mailing lists, because S/MIME digital signatures are attachments, which some e-mail lists do not accept.
Encrypting E-mail
If you have the public certificate for the user or users to whom the messages is addressed, you will be able to encrypt the e-mail message: In the lower right of the message header, click the open lock icon to lock it; when the icon is locked your e-mail message will be encrypted.
If you do not have certificates for everyone to whom the message is addressed, you will be prompted to send the message unencrypted.

Using your certificate with Outlook for OS X

Use these instructions to enable Outlook to use client certificates to digitally sign and encrypt e-mail. Enabling digital signing and encryption

  1. If you have just installed your certificate on your Mac, close Outlook and then restart it.
  2. From the Outlook menu, select Preferences.
  3. From the Personal Settings section select Accounts. Select your University Exchange e-mail account (if Outlook prompts you, click Allow to access the certificates in your Keychain), click Advanced, and then select the Security tab.
  4. In the 'Digital signing' section, select your certificate from the drop-down menu.
  5. For 'Signing algorithm', the default value of SHA-256 is appropriate for most situations.
  6. For the best usability enable all three check box options:
  • Sign outgoing messages
  • Send digitally signed messages as clear text
  • Include my certificates in signed messages

In the 'Encryption' section, select your certificate from the drop-down menu.
For 'Encryption algorithm', ASE-256 is the best option. It is not necessary to check Encrypt outgoing messages; each email message can be optionally encrypted when you compose it.
The university does not currently use the 'Certificate authentication' options, so DO NOT set this.
Click OK to save your changes and exit Outlook Preferences.


Signing E-mail
By default your e-mail messages will be digitally signed. To indicate signing a lock icon, with the text 'This message will be digitally signed', will appear in the lower left of the message header when you compose an e-mail message.
If you do not want to default sign a message; from the Options tab of the e-mail message, select Security and uncheck Digitally Sign Message.
You may not want to sign messages to mailing lists, because S/MIME digital signatures are attachments, which some lists do not accept.
Encrypting E-mail
Address and compose your email message. From the Options tab of the e-mail message, select Security and check Encrypt Message.
If Outlook is unable to find certificates for everyone to whom the message is addressed, you will be prompted to search the Exchange Global Address List (GAL) for user certificates.
In the event Outlook is still unable to find certificates for all addressees, you will be prompted to send the message unencrypted.
Installation and usage instructions:

Windows and Microsoft Outlook
iOS devices

SSL Server Certificates FAQ | SSL Certificate Guidelines | Client or S/MIME Certificates | End-User S/MIME Certificate Request

S/MIME support for Outlook on the Web (OWA) used to be only available in Internet Explorer but it is now also possible to add this to Google Chrome and the new Microsoft Edge browser.

However, adding the required extension isn’t (currently) possible via the traditional means of using the Chrome Web Store or the Microsoft Edge Addons page.

This guide explains how you can manually install or deploy the Microsoft S/MIME Control for Outlook on the web.


Infobar message when trying to open an S/MIME message in OWA.

  • Step 1: Install the S/MIME extension
S%2fmime Reader

Note:
This guide applies to the new Microsoft Edge which is based on the same rendering engine as Google Chrome. You can recognize it by the new icon shown on the right, instead of the traditional blue “e” icon.

Step 1: Install the S/MIME extension

As mentioned, the Microsoft S/MIME extension can’t be installed from the browser store like other extensions. Instead, you’ll have to configure the browser to install it automatically by deploying a Registry value or Group Policy.

The Registry method might be the easiest method for testing, but the Group Policy method is the recommended way to go for corporate administrators.

Either method has the same result as the Group Policy sets the exact same Registry value.

After applying a method, restart the browser and after a little while, you’ll see the Outlook icon next to the Address Bar to indicate that the extension has been installed.

The extension will also be listed by opening the Menu in Chrome or Edge and choosing “Managed by your organization” or by going to the following page in chrome://management or edge://management.

Important!
For either method, it is required that the targeted computer is domain-joined. The extension is automatically blocked by both Google Chrome and Microsoft Edge when the computer is not domain-joined.

Method 1: Registry

To have the browser install the Microsoft S/MIME extension, you’ll have to set the ExtensionInstallForceList value in the Registry. Below you’ll find the location for both Microsoft Edge and Google Chrome.

Key Microsoft Edge: HKEY_CURRENT_USERSoftwarePoliciesMicrosoftEdgeExtensionInstallForcelist

Key Google Chrome: HKEY_CURRENT_USERSoftwarePoliciesGoogleChromeExtensionInstallForcelist

Value Name: 1
Value type: REG_SZ

Value Office 365: maafgiompdekodanheihhgilkjchcakm;https://outlook.office.com/owa/SmimeCrxUpdate.ashx

Value Exchange On-Premises: maafgiompdekodanheihhgilkjchcakm;https://<your owa url>/owa/SmimeCrxUpdate.ashx


Setting the ExtensionInstallForcelist value in the Registry Editor to install the S/MIME extension.

Method 2: Group Policy

To set the registry value above, you can also use the Group Policy templates.

  • Download: Google Chrome Group Policy Templates
  • Download: Microsoft Edge Group Policy Templates

For instructions on how to install and use Group Policy templates you can use the guide; Setting Outlook Group Policies.

You can find the policy setting in the following location;

  • Google Chrome
    User Configuration-> Administrative Templates-> Google-> Google Chrome-> Extensions-> Configure the list of force-installed apps and extensions
  • Microsoft Edge
    User Configuration-> Administrative Templates-> Microsoft Edge-> Extensions-> Control which extensions are installed silently

Set the policy setting to Enabled the and click on the “Show…” button to add the following value;

  • Office 365
    maafgiompdekodanheihhgilkjchcakm;https://outlook.office.com/owa/SmimeCrxUpdate.ashx
  • Exchange On-Premises:
    maafgiompdekodanheihhgilkjchcakm;https://<your owa url>/owa/SmimeCrxUpdate.ashx


Setting the ExtensionInstallForcelist value in the Group Policy Editor to install the S/MIME extension.

Step 2: Configure the S/MIME extension

When you are using a mailbox hosted in Office 365 or Outlook.com, you can skip this step.

When you are using a mailbox hosted in an On-Premises Exchange environment, then you must add the Outlook on the Web domain to the “Allowed domains” list.


Infobar message when using the S/MIME Extension in an On-Premises Exchange environment.

To do this, click on the “click here” link in the infobar message or click on the Outlook icon right from the Address Bar and choose: Extension Options.

Another way to get to the Extension Options page of the S/MIME extension is by going to the following page;

  • Google Chrome
    chrome-extension://maafgiompdekodanheihhgilkjchcakm/Options.html
  • Microsoft Edge
    extension://maafgiompdekodanheihhgilkjchcakm/Options.html


Add your On-Premises mail domain to the S/MIME Control options.

Step 3: Download and install the S/MIME control

After installing the extension, you’ll notice that you still won’t be able to open S/MIME encrypted messages. The infobar however has changed and instructs you to install the S/MIME control and contains a link to download this control.

S 2fmime Reader App

For Office 365, this link currently point to here but that can change in the future.

For Exchange On-Premises, it points to;
https://<your owa url>/owa/smime/SmimeOutlookWebChrome.msi

S/mime Reader Mac

This link can also be found in the S/MIME Settings section of the Options page in Outlook on the web. Instructions for getting to this additional options page are in Step 4.

Because this S/MIME control installer is actually intended for deployment, the installation of this package is silent and doesn’t give any feedback whether the installation was successful or not. You can however still install it manually and it doesn’t require administrator permissions to install it for most domain configurations.

S 2fmime Reader Free

Give the installer a good minute to complete. When it installed successfully, it will also show in your Apps list in Windows Settings.

Once installed, restart the browser and you should be able to read and send S/MIME encrypted emails as well as adding digital signatures to emails. The infobar will show the following information when the message can be decrypted and the digital signature can be verified;

Step 4: S/MIME settings in Outlook on the Web (OWA)

Now that S/MIME is properly installed and configured in the browser, you can also configure additional S/MIME setting in Outlook on the Web.

  • Office 365
    Gear icon in the top right-> View all Outlook settings-> Mail-> S/MIME
  • Exchange 2019 / 2016 / 2013
    Gear icon in the top right-> Options-> Mail-> S/MIME

S/mime Reader Windows 7


S/MIME settings page in Outlook on the Web for Office 365.

S/mime Reader Android

More info

Use the following links to find out more about using S/MIME with Outlook on the Web (OWA) when using Google Chrome or Microsoft Edge.