Skip to content Skip to footer

Mail encryption in Outlook

An S/MIME certificate (for signing/encrypting emails) allows you to digitally sign emails and encrypt their content, which improves the security of your correspondence.

Benefits of an S/MIME certificate:

  1. Signing messages.

    •  Confirms the authenticity of the sender – the recipient can be sure that the message comes from a specific person or organisation.

    • Guarantees that the content of the message has not been altered during transmission.

  2. Message encryption.

    • Ensures the confidentiality of correspondence – only the recipient with the appropriate private key is able to decrypt the message.

To order a certificate, complete the S/MIME certificate application form, and then send a scan to ithelp@agh.edu.pl.

Attention!

Since 2025, HARICA (Hellenic Academic & Research Institutions Certification Authority) has been the certificate provider for AGH.

The following section applies to the installation of certificates issued after 1 January 2025.

If you have a certificate issued earlier, go directly to the section Installation of a personal certificate.

Installing the HARICA root certificate

Installing a personal certificate for use in Outlook requires prior installation of the HARICA root certificate.  

To do this:

  1. Go to the HARICA certificate repository. https://repo.harica.gr/rep_dyn.php 

  2. In the Root Certification Authorities section, expand the list of certificates and select HARICA Client RSA Root CA 2021.

  1. Download the certificate in DER format:

Direct link to the certificate:
https://repo.harica.gr/certs/HARICA-Client-Root-2021-RSA.der  

  1. Open the downloaded file. 

If a warning appears before opening the file, confirm that you want to open the file by clicking Open.

  1. Installing a new root certificate from a certification authority may pose a security risk to your system. 

Before installing, it is important to verify that the certificate is trusted and validated by Microsoft's Root Certificate Programme. Learn how to do this here.

 

Attention!

When attempting to install an untrusted certificate, Windows will mark it as shown below. Do not install such a certificate on your system.

After opening the file, pay attention to:  

  1. Certificate icon: 
  1. Correct:

  1. Incorrect:

  1. Certificate information: 
  1. Correct:
  1. Incorrect:

If everything is correct, click Install Certificate...

  1. Select "Current user" as the storage location. 
  1. Allow the system to automatically select the certificate store.
  1. Complete the installation.
    After successful installation, a message should appear.

Installing a personal certificate

  1. Save the S/MIME personal certificate file (for signing/encrypting emails) that was attached to the email you received from certyfikaty@agh.edu.pl to your hard drive.

  2. Open the saved file.

  3. Select ‘Current user’ as the storage location.

  1. Check that the correct file is being imported.
    If necessary, click Browse... and select the personal certificate file you downloaded earlier.
  1. Enter the password required to import the certificate.
    It can be found in the same email message to which the file was attached. 
  1. Allow the system to automatically select the certificate store.  
  1. Complete the installation. 
    After successful installation, a message should appear. 

Configuring an S/MIME certificate (for signing/encrypting emails) in Outlook

Attention

The Outlook programme (new version) available in the Microsoft 365 Copilot package for AGH employees does not have the option to configure an S/MIME certificate.

To use the email signing/encryption functionality, you must use Outlook (classic).

  1. In the main menu, click File.
  1. In the navigation bar on the left, select Options (at the bottom).
  1. In the Outlook Options window, select Trust Center, and then click Trust Center Settings....  
  1. In the Trust Center window, select Email Security from the navigation bar and click Settings....
  1. In the Change Security Settings window, most options should be set correctly by default. Pay attention to: 
    • Security settings name
    • Signing certificate
    • Encryption certificate
    • Hash algorithm - select at least SHA256
  1. After confirming the security settings, we recommend enabling the Add digital signature to outgoing messages option to automatically sign all outgoing emails.
  1. To use the signing and/or encryption features, select Options from the main menu of the new message window and use the following buttons:

    1. Sign to digitally sign the message.

    2. Encrypt to additionally encrypt the message, preventing it from being read by unauthorised persons.

Attention

A new message can only be encrypted if we have the recipient's public key.

It is automatically saved in the system when a person sends us a digitally signed message and we add it to our saved contacts.

Stopka