Install the S/MIME add-in
1. Open the download page and install the add-in
Firefox is required for the Gmail S/MIME add-in. Open the Gmail add-in page and click "Add to Firefox".
2. Restart Firefox
Importing the pfx
The Gmail recipient receives the following message containing an attached password-encrypted PFX:
1. Save the pfx attachment
Because the Gmail add-in works from Firefox, you will need to import the certificate and private key into Firefox. The pfx should therefore be saved to your desktop.
2. Open the Encryption options
Open the Tools menu (Tools → Options...), select the Advanced options and open the Encryption tab.
3. Click "View Certificates"
This opens the "Certificate Manager" dialog
4. Click "Import" and select the pfx from step 1.
The first time you add a certificate you are asked to set a "Master Password". The master password is used to protect the private keys stored in Firefox. The private keys are encrypted with the master password to ensure that only you can access the private keys. You only have to set the master password once.
Note: this is NOT the password for the pfx file that has been handed out to you! The master password should be chosen by you.
5. Set the master password and click "OK"
6. Enter the pfx password and click "OK"
You are now asked for the password of the password-protected pfx file. This is the password that was given to you via SMS text message or in some other way.
7. Finished.
Now that you have installed a certificate and private key you are able to receive encrypted email.
[The following steps are only required if you want to send encrypted email]
Trust the imported certificate
The certificate with the private key and the root and intermediate certificates have now been installed. You should now manually trust the root certificate because it is not automatically trusted. You first need to find out which root you need to trust.
1. Open "Your Certificates" tab on the "Certificate Manager"
Open the Tools menu (Tools → Options...), select the Advanced options and open the Encryption tab, click "View Certificates" and select the "Your Certificates" tab.
2. View certificate properties and get the name of the root
Double-click the certificate you just installed. The certificate details should now be opened. The first entry in the "Certificate Hierarchy" is the root certificate. You should remember the name of the root certificate because you will need it in the next step.
3. Select the root certificate
Open the "Certificate Manager" (see step 1) and select the "Authorities" tab. In the certificate list select the root certificate from step 2.
4. Trust the root certificate
Click the "Edit" button and select "This certificate can identify mail users.".
Receiving signed and encrypted email
A signed and encrypted message looks as follows:
Note: The current version of Gmail add-in does not verify digital signatures.
Sending signed and encrypted email
You can sign and encrypt your email by selecting the sign and encrypt option
1. Select sign and encrypt
Selecting the sign option will sign the message and selecting the encrypt option will encrypt the message.
2. Send the message
3. Confirm the signature
When sign is selected the Gmail add-in will ask for a confirmation.
4. Enter the master password
The signature confirmation requires you to enter the master password.
5. Enter your Gmail password and click "OK"
The Gmail add-in sends your message using the Gmail SMTP server. Your Gmail password is required for sending the message with the Gmail SMTP server.
6. Finished.
Issues
The Gmail S/MIME add-in has some shortcomings you should be aware of. Two main issues:
- Signatures are not verified
- Drafts are not stored securely
For more issues see Gmail S/MIME issues