Mail encryption in Outlook

An S/MIME certificate (for signing/encrypting emails) allows you to digitally sign emails and encrypt their content, which improves the security of your correspondence.

Benefits of an S/MIME certificate:

1. Signing messages.

   •  Confirms the authenticity of the sender – the recipient can be sure that the message comes from a specific person or organisation.

   • Guarantees that the content of the message has not been altered during transmission.

2. Message encryption.

   • Ensures the confidentiality of correspondence – only the recipient with the appropriate private key is able to decrypt the message.

To order a certificate, complete the S/MIME certificate application form, and then send a scan to ithelp@agh.edu.pl.

Installing a personal certificate for use in Outlook requires prior installation of the HARICA root certificate.  

To do this:

1. Go to the HARICA certificate repository. https://repo.harica.gr/rep_dyn.php 

2. In the Root Certification Authorities section, expand the list of certificates and select HARICA Client RSA Root CA 2021.

3. Download the certificate in DER format:

Direct link to the certificate:
https://repo.harica.gr/certs/HARICA-Client-Root-2021-RSA.der  

4. Open the downloaded file. 

If a warning appears before opening the file, confirm that you want to open the file by clicking Open.

5. Installing a new root certificate from a certification authority may pose a security risk to your system. 

Before installing, it is important to verify that the certificate is trusted and validated by Microsoft's Root Certificate Programme. Learn how to do this here.

After opening the file, pay attention to:  

1. Certificate icon: 

1. Correct:
   
   

2. Incorrect:
   
   

2. Certificate information: 

1. Correct:

2. Incorrect:

If everything is correct, click Install Certificate...

6. Select "Current user" as the storage location. 

7. Allow the system to automatically select the certificate store.

8. Complete the installation.
   After successful installation, a message should appear.

1. Save the S/MIME personal certificate file (for signing/encrypting emails) that was attached to the email you received from certyfikaty@agh.edu.pl to your hard drive.

2. Open the saved file.

3. Select ‘Current user’ as the storage location.

4. Check that the correct file is being imported.
   If necessary, click Browse... and select the personal certificate file you downloaded earlier.

5. Enter the password required to import the certificate.
   It can be found in the same email message to which the file was attached. 

6. Allow the system to automatically select the certificate store.  

7. Complete the installation. 
   After successful installation, a message should appear. 

1. In the main menu, click File.

2. In the navigation bar on the left, select Options (at the bottom).

3. In the Outlook Options window, select Trust Center, and then click Trust Center Settings....  

4. In the Trust Center window, select Email Security from the navigation bar and click Settings....

5. In the Change Security Settings window, most options should be set correctly by default. Pay attention to: 
   • Security settings name
   • Signing certificate
   • Encryption certificate
   • Hash algorithm - select at least SHA256

6. After confirming the security settings, we recommend enabling the Add digital signature to outgoing messages option to automatically sign all outgoing emails.

7. To use the signing and/or encryption features, select Options from the main menu of the new message window and use the following buttons:

   1. Sign to digitally sign the message.

   2. Encrypt to additionally encrypt the message, preventing it from being read by unauthorised persons.