Using digital signature certificates with Outlook on the web - UBmail (Exchange Online)

IT STAFF / ADVANCED: Learn how to enable digital signatures with Outlook on the web, and how to sign and encrypt messages.

1. Import certificates into Exchange Online

By default, certificates do not work in Outlook on the web (only in the Outlook client). For certificates to work for signing, encrypting and validating, the root and intermediate certificates must be imported into our Exchange Online (EOL) configuration.

2. Install the S/MIME Extension

Error messages when the extension is not installed

The browser being used for accessing Outlook on the web also must have the S/MIME extension installed. If it is not, you will see a message like one of the following:

  • "The digital signature on this message can't be verified. This message has a digital signature, but it wasn't verified because the S/MIME extension isn't installed. Please contact your IT administrator for help installing the extension." (Chrome)
  • "This message has a digital signature, but it wasn't verified because the S/MIME control isn't installed. To install S/MIME, click here." (Edge)

Once installed, the S/MIME extension will not validate a signature (and may not sign or encrypt) unless the email is opened in a separate window (i.e. popped out). You may see a message to this effect:

  • "S/MIME isn't supported in this view. To view this message in a new window, click here"

Installing extension in Microsoft Edge

If you receive a signed email and do not have the extension, a message will inform you and offer a link to install the extension. The link takes you to the Edge Add-ons store.

Installing extension in Google Chrome

  1. Open a signed email. A message will inform you that the S/MIME extension is not installed, but it will not offer a link to install the extension (see below):
    • "The digital signature on this message can't be verified. This message has a digital signature, but it wasn't verified because the S/MIME extension isn't installed. Please contact your IT administrator for help installing the extension."
  2. You must force Chrome to allow installation of this extension, either by registry key or by policy:
    • Registry:
      • Reg Key: HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist
      • Value Name: 1
      • Value type: REG_SZ
      • Value: maafgiompdekodanheihhgilkjchcakm;https://outlook.office.com/owa/SmimeCrxUpdate.ashx
    • Policy:
      • User Configuration-> Administrative Templates-> Google-> Google Chrome-> Extensions-> Configure the list of force-installed apps and extensions
      • Value: maafgiompdekodanheihhgilkjchcakm;https://outlook.office.com/owa/SmimeCrxUpdate.ashx
  3. Restart the browser
  4. Open a signed email. You will now receive a different message:
    • "This message has a digital signature, but it wasn't verified because the S/MIME control isn't installed. To install S/MIME, click here."
  5. Click on the link and it will download SmimeOutlookWebChrome.msi
  6. Run the msi
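
The registry setting from step 2 as a PowerShell script. This is an added example, not part of the original page or UB's own tooling; the function name `Add-ForcelistEntry` is hypothetical. It differs from the manual steps in one respect: instead of always writing value name 1, it uses the first unused number so that an existing force-install entry is not overwritten, and it does nothing if the extension is already listed.

```powershell
# Added example: idempotently add the OWA S/MIME extension to Chrome's
# per-user force-install list. Key path and value are taken from step 2.
$KeyPath = 'HKCU:\Software\Policies\Google\Chrome\ExtensionInstallForcelist'
$ExtId   = 'maafgiompdekodanheihhgilkjchcakm'
$Entry   = "$ExtId;https://outlook.office.com/owa/SmimeCrxUpdate.ashx"

function Add-ForcelistEntry {   # hypothetical helper name
    param([string]$Path, [string]$ExtensionId, [string]$Value)

    # Create the policy key (and any missing parents) if it does not exist.
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }

    $key   = Get-Item -Path $Path
    $names = @($key.GetValueNames())

    # If the extension ID is already listed under any value name, keep it.
    foreach ($n in $names) {
        $existing = [string]$key.GetValue($n)
        if ($existing -eq $ExtensionId -or $existing -like "$ExtensionId;*") {
            if ($existing -ne $Value) {
                Write-Warning "Value '$n' lists the extension with a different update URL: $existing"
            }
            return $n
        }
    }

    # Otherwise use the lowest unused positive integer as the value name,
    # so entries for other extensions are left untouched.
    $i = 1
    while ($names -contains "$i") { $i++ }
    New-ItemProperty -Path $Path -Name "$i" -PropertyType String -Value $Value | Out-Null
    return "$i"
}

$name     = Add-ForcelistEntry -Path $KeyPath -ExtensionId $ExtId -Value $Entry
$readBack = Get-ItemPropertyValue -Path $KeyPath -Name $name
Write-Output "ExtensionInstallForcelist\$name = $readBack"
```

After restarting Chrome, `chrome://policy` should show the `ExtensionInstallForcelist` policy with this entry.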

Signing and encrypting a message from Outlook on the web

  1. Click "New Message" and enter the To: information
  2. Click the ellipsis at the top of the message and select "Show message options"
  3. Select "Digitally sign..." for signing or "Encrypt..." for encrypting email (or both)

[Screenshot: message options]

You may see this warning if you imported the certificate with strong private key protection:

[Screenshot: signing data with your private exchange key]

It's not a bad idea to keep this warning. If you want to remove it, you can re-import the certificate, provided you have a backup copy with the private key included.

Just unselect the strong private key protection option:

[Screenshot: certificate import wizard]
