How to create and use digital signing for Email

How to create and use digital signing for Email?

Step-by-step guide

1. Open a Run command, type and run mmc command.

2. In the Console window go to File > Add/Remove Snap-In (or hit Ctrl+M)

3. Add Certificate and indicate My User Account, click Finish. Then click Ok once Certificates - Current User appear on the Console Root.


4. Expand Certificates - Current user > Personal > Certificates. Right click Certificates > pick All Tasks > Request New Certificate.


5. A new screen for a Certificate Enrollment and a “Before you begin screen” will be displayed. Click next

6. In Select Certificate Enrollment Policy pick Active Directory Enrollment Policy. Click Next


7. Pick your domain Exchange Server AD available (in this case UPTH Exchange Signature Only)


8. Click on More Information link below your selection in order to configure settings for the certificate.

On certificate Properties page on Subject Name: click on Type > choose Email and on Value field introduce your email account (ie:


Click Apply and Ok, then Enroll.


9. Wait for the Enrollment to be completed successfully. Click Finish.


A verify in the Console Root for your user can be done. Now a Certificate for your email account mentioned is present with Intended Purpose set as Secure Email.

10. In Outlook click on File > Options (on right side). 

11. In Option panel pick Trust Center > Trust Center Settings.


12. Choose Email Security > Settings


13. On Setting window either click on New (in order to have a new security setting defined for another cert) or click Choose in case there is no other Email settings defined.

The previously created certificate will become available (or a list with multiple certificates). Pick your certificate and click Ok.

Mandatory to give this policy a name in Security Setting Name.

Make sure that checkbox Send these certificates with signed messages is enabled.


14. From Outlook create a new mail. Add address and body and from Option enable Sign as type of encyption. (the button should be grayed out when enabled).

Send mail and check on specified address for signature and details.

15. If everything is ok a detailed signature will be sent along with your message.

Check on right side if a ribbon marking the digital signature is present. There are also Details to show exact signer of the mail


Note: These steps are meant for testing purposes, never for production environment.