We recently had a customer reaching out to our support to assist setting up Digitally signed emails in the Lansweeper Helpdesk.
What?
This blog describes how first, to create a self-signed certificate, secondly, how to configure Outlook to send Digitally signed emails using this certificate.
Phase 1: Generate a Self-Signed certificate
Generate your own Certificate Authority (CA)
This will create a new Certificate Authority. If you have done this step before, you can skip this step.
openssl req -nodes -new -x509 -days 3650 -newkey rsa:4096 -keyout ca.key -out ca.crt -extensions v3_ca -subj "/CN=My-CA"
Generate a key and signing request (*.key and *.csr)
This will generate a new private key and a certificate signing request (CSR) for a specific user. You will be prompted for some additional information. You need to enter the email address here, most other info can be default.
openssl req -nodes -new -newkey rsa:4096 -keyout smime_test_user.key -out smime_test_user.csr
Generating a RSA private key
............................................................................................................................................++++
........................................................................................................................................................................................................................++++
writing new private key to 'smime_test_user.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:BE
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]: <ENTER YOUR ORGANIZATION NAME HERE>
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []: <ENTER YOUR HOSTNAME HERE>
Email Address []: <ENTER YOUR EMAIL ADDRESS HERE>
Sign the request with the CA from step 1
openssl x509 -req -days 3650 -in smime_test_user.csr -CA ca.crt -CAkey ca.key -set_serial 1 -out smime_test_user.crt -addtrust emailProtection -addreject clientAuth -addreject serverAuth -trustout -extensions smimeSignature ok
subject=C = BE, ST = Some-State, O = Internet Widgits Pty Ltd, CN = <YOUR CN>, emailAddress = <YOUR EMAIL ADDRESS>
Getting CA Private Key
Package the key and certificate into a pkcs12 format
You will be asked to supply a password which will be used to encrypt the resulting file (.p12 file).
openssl pkcs12 -export -in smime_test_user.crt -inkey smime_test_user.key -out smime_test_user.p12Enter Export Password:
Verifying - Enter Export Password:
Copy the certificates to your target Windows machine
You’ll need to copy the ca.crt and smime_test_user.p12 files to the machine from where you will be sending email.
Phase 2: Configure Outlook
Copy ca.crt and smime_test_user.p12 to the Windows machine
Install the root CA on the user's Windows machine
Double click on the ca.crt file
Install the smime_test_user.p12 certificate&key in Outlook
Go to Outlook options, then Trust Center Settings.
Import the smime_test_user.p12 file here. You need to supply the password you used when creating the p12 file.
Go to Encrypted email Settings…
And Choose… your certificate. You need to give a Security Settings Name too (any name):
Phase 3: Now you can send a signed email!
Create a new, email, then go to Options and enable “Sign”
On the receiving end, you will notice the certificate icon on the email.
| Note: |
Was this post helpful? Leave a Kudo!
Did you have a similar issue and a
different solution? Share your work in the comments below and help your fellow IT Hero's!
More questions?
Browse
our
Quick Tech Solutions
or
Community Forum.
If you can't find what you're looking for, create a post in our Community Forum.
