Outlook Digital ID (digital signature)

A Digital ID (digital signature) is much like an SSL certificate used on secured websites (think HTTPS) as it allows your Outlook to “stamp” your email with a digital ID that establishes the authenticity of the email.  Just as the SSL cert on a website establishes the fact that the website is, in fact, what it claims to be, the digital ID on your email establishes the fact that the email definitely originated with you.  And, just as the SSL cert is verified and authenticated by a “trusted third party”, the certs used for Digital ID’s are also verified and authenticated by a trusted third party.

When an email is tagged with a Digital ID the receiving party will see something similar to this:

image

Clicking on the icon brings up the following:

image

And clicking on the Details displays this:

image

There is no doubt at all as to who the sender is, it is me – signed, sealed and delivered!

You can add a digital ID to your Outlook by obtaining an appropriate digital ID cert from a third party supplier. Symantec (via verisign) offers 25 day free certs so that’s what I used for this procedure.

1. Obtain the cert and install as per instructions on your PC. This will install the cert in the local cert store and in the proper classification.  (NOTE: Your Outlook may allow you to order a Digital ID directly from the Trust Center in Outlook Options.)

2. In Outlook go to Options –> Trust Center –> Trust Center Settings — > Email Security.

3. Once there click on Settings beside the Default Setting:

clip_image002

4. On the Signing Certificate section click on Choose then select your cert (there probably is only one, there are two in my example, if you have multiples look at properties to ensure you have the right one:

clip_image004

5. Clicking OK will select it and install.

6. Selecting the “Add digital signature to outgoing messages” will force Outlook to send ALL messages with the digital signature, leaving this box unchecked will give you the option to add signature message by message.

clip_image006

If you have MULTIPLE email accounts connected in the Outlook profile do NOT make the above selection UNLESS you have added a cert for each account! If you make this selection and do not have certs for each account, Outlook will drive you MAD with nagging messages whenever you send email from a non-certed account. Better to leave the box unchecked and selectively apply digital signature. As follows:

clip_image008

7. You can apply a cert for another account by redoing steps 1,2 and 3 then when you click on Settings, click on the New button:

clip_image010

Give it a name (HINT: use the email address for the account you are certing), then choose the proper cert as in above steps. Leave everything else as is.

8. That’s it, now you can send email from the second (or third or fourth) account with its own digital ID.

OFFICE 365 NOTE:  At this point in time you cannot add a standalone digital ID like this to your account in Office 365 or access the cert in OWA, you can only do this from an actual Outlook client on a PC or Mac.  However, email will pass through your Office 365 and out to the world with the Digital ID intact when sent from your Outlook.  The reason for this quirk is that Office 365 does not yet support a “personal” certificate store like your local PC does.  Office 365 can use “corporate” Digital ID’s (ID’s tied in with AD based certificate servers but they are not the same thing as this personal ID).