Using digital signature certificates with Outlook on the web - UBmail (Exchange Online)

IT STAFF / ADVANCED: Learn how to enable digital signatures with Outlook on the web, and how to sign and encrypt messages.

On this page:

1. Requirements

  • Outlook on the web requires a Windows desktop device to support S/MIME.
  • Microsoft Edge is the preferred browser.
  • To use S/MIME on Chrome, your computer must be joined to a Microsoft Active Directory domain and have a Chrome policy to include the S/MIME extension. Check with your IT administrator or helpdesk to confirm that your computer is joined to a domain and has the required policy.
  • S/MIME isn't available in Outlook on the web on Mac, iOS, Android, or other non-Windows devices.

2. Install the S/MIME Extension

Error messages when the extension is not installed

The browser being used for accessing Outlook on the web also must have the S/MIME extension installed. If it is not, you will see a message like one of the following:

  • "The digital signature on this message can't be verified. This message has a digital signature, but it wasn't verified because the S/MIME extension isn't installed. Please contact your IT administrator for help installing the extension." (Chrome)
  • This message has a digital signature, but it wasn't verified because the S/MIME control isn't installed. To install S/MIME, click here. (Edge)

The S/MIME extension (once installed) will not work for validating a signature (and may not work for signing/encrypting) unless the email is opened in a separate window (ie. pop-out). You may see a message to this effect:

  • "S/MIME isn't supported in this view. To view this message in a new window, click here"

Installing extension in Microsoft Edge

If you receive an email that's signed and you do not have the extension, there will be a message informing you and offering a link to install the extension, this will take you to Edge Add-ons store

Installing extension in Google Chrome

  1. Open an email that's signed, there will be a message informing you that you do not have S/MIME extension installed but not offering a link to install the extension (see below):
    • "The digital signature on this message can't be verified. This message has a digital signature, but it wasn't verified because the S/MIME extension isn't installed. Please contact your IT administrator for help installing the extension."
  2. You must force Chrome to allow you to install this extension install either by Registry key or Policy
    • Registry:
      • Reg Key: HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist
      • Value Name: 1
      • Value type: REG_SZ
      • Value: maafgiompdekodanheihhgilkjchcakm;https://outlook.office.com/owa/SmimeCrxUpdate.ashx
    • Policy:
      • User Configuration-> Administrative Templates-> Google-> Google Chrome-> Extensions-> Configure the list of force-installed apps and extensions
      • Value: maafgiompdekodanheihhgilkjchcakm;https://outlook.office.com/owa/Smi meCrxUpdate.ashx
  3. Restart Browser
  4. Open an email that's signed, Now you will receive a different message:
    • "This message has a digital signature, but it wasn't verified because the S/MIME control isn't installed. To install S/MIME, click here."
  5. Click on the link and it will download SmimeOutlookWebChrome.msi
  6. Run the msi

Signing and encrypting a message from Outlook on the web

  1. Click "New Message" and enter the To: information
  2. Click the elipses at the top of the message and select "Show message options"
  3. Select "Digitally sign... for signing or Encrypt... for encrypting email (or both)

You may see this warning if you imported certificate, with strong private key protection:

It's not a bad idea to keep this warning, you can re-import the cert if you have a backup copy with private key included.

Just unselect the strong private key protection:

See also