Using digital signature certificates with Outlook on the web - UBmail (Exchange Online)
IT STAFF / ADVANCED: Learn how to enable digital signatures with Outlook on the web, and how to sign and encrypt messages.
1. Requirements
- Outlook on the web requires a Windows desktop device to support S/MIME.
- Microsoft Edge is the preferred browser.
- To use S/MIME on Chrome, your computer must be joined to a Microsoft Active Directory domain and have a Chrome policy to include the S/MIME extension. Check with your IT administrator or helpdesk to confirm that your computer is joined to a domain and has the required policy.
- S/MIME isn't available in Outlook on the web on Mac, iOS, Android, or other non-Windows devices.
2. Install the S/MIME Extension
Error messages when the extension is not installed
The browser being used for accessing Outlook on the web also must have the S/MIME extension installed. If it is not, you will see a message like one of the following:
- "The digital signature on this message can't be verified. This message has a digital signature, but it wasn't verified because the S/MIME extension isn't installed. Please contact your IT administrator for help installing the extension." (Chrome)
- This message has a digital signature, but it wasn't verified because the S/MIME control isn't installed. To install S/MIME, click here. (Edge)
The S/MIME extension (once installed) will not work for validating a signature (and may not work for signing/encrypting) unless the email is opened in a separate window (ie. pop-out). You may see a message to this effect:
- "S/MIME isn't supported in this view. To view this message in a new window, click here"
Installing extension in Microsoft Edge
If you receive an email that's signed and you do not have the extension, there will be a message informing you and offering a link to install the extension, this will take you to Edge Add-ons store
Installing extension in Google Chrome
- Open an email that's signed, there will be a message informing you that you do not have S/MIME extension installed but not offering a link to install the extension (see below):
- "The digital signature on this message can't be verified. This message has a digital signature, but it wasn't verified because the S/MIME extension isn't installed. Please contact your IT administrator for help installing the extension."
- You must force Chrome to allow you to install this extension install either by Registry key or Policy
- Registry:
- Reg Key: HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist
- Value Name: 1
- Value type: REG_SZ
- Value: maafgiompdekodanheihhgilkjchcakm;https://outlook.office.com/owa/SmimeCrxUpdate.ashx
- Policy:
- User Configuration-> Administrative Templates-> Google-> Google Chrome-> Extensions-> Configure the list of force-installed apps and extensions
- Value: maafgiompdekodanheihhgilkjchcakm;https://outlook.office.com/owa/Smi meCrxUpdate.ashx
- Restart Browser
- Open an email that's signed, Now you will receive a different message:
- "This message has a digital signature, but it wasn't verified because the S/MIME control isn't installed. To install S/MIME, click here."
- Click on the link and it will download SmimeOutlookWebChrome.msi
- Run the msi
Signing and encrypting a message from Outlook on the web
- Click "New Message" and enter the To: information
- Click the elipses at the top of the message and select "Show message options"
- Select "Digitally sign... for signing or Encrypt... for encrypting email (or both)
You may see this warning if you imported certificate, with strong private key protection:
It's not a bad idea to keep this warning, you can re-import the cert if you have a backup copy with private key included.
Just unselect the strong private key protection:
See also