show mobile version

Importing a pfx file into Outlook

The Outlook recipient receives the following message1 containing an attached password encrypted pfx:

Outlook email with pfx attachment

1. Double-click the attached pfx file

Alternatively you can save the pfx file and open it from the Explorer by double-clicking it. A warning will be shown asking you if you want to open the pfx file.

2. Click the "Open" button

Outlook open attachment warning

The "certificate import wizard" will be started which will import the password protected certificate and private key.

Certificate Import Wizard

Click the Next button until you come to password page

Certificate Import Wizard password

Now enter the password for the pfx file. Optionally check "Mark this key as exportable".

3. Click the Next button

On the Next pages leave the defaults until you reach the "Completing the Certificate Import Wizard" page.

Certificate Import Wizard finish

4. Click "Finish"

Importing the certificate and private key is now started.

The pfx file not only contains the end-user certificate and private key but also the root and intermediate certificate. The import wizard will also try to import the root and intermediate certificate. Windows asks for permission when importing a root certificate.

Windows root import warning

5. Click "Yes"

6. Finished.

Now that you have installed a certificate and private key you are able to receive encrypted email.

[The following steps are only required if you want to send encrypted email]

We will explain how to receive and send encrypted email.

Receiving signed and encrypted email

A signed and encrypted message looks as follows:

Outlook signed and encrypted

The 'padlock' Padlock shows that the message was encrypted and the 'ribbon' Ribbon shows that the message was signed.

The signed and encrypted message contains the public certificate of the sender. To make it possible to securely reply to the message you should associate the public certificate with the sender.

1. Select the senders email address, right-click and select "Add to Outlook Contacts"

Outlook add to contacts

Save the newly added Outlook contact. If the contact is already part of your contacts you will receive a "Duplicate Contact Detected" warning

Outlook duplicate contact detected

2. Click "Update"

Note: You will only need to associate the certificate with the sender contact the first time you receive a signed and encrypted email.

Sending signed and encrypted email

Sending a signed and encrypted email is similar to sending a normal email. You only need to select the sign and encrypt options.

Outlook sign and encrypt

If your Outlook toolbar does contain the sign and encrypt buttons you can enable sign and encrypt by opening the "message options" and select the "Security Settings..."

Outlook security properties

Importing a certificate for a contact

If you received a certificate (.cer or .p7b file) for an external user you can add the certificate to an Outlook contact.

1. Open the contact and select the certificates2

Outlook certificates for contact

2. Click "Import..." and select the .cer or .p7b file

3. Finished.

  1. In this example the password was sent via a SMS Text message. The message is slightly different when the password was not sent via SMS.
  2. In Outlook XP and Outlook 2003 you should open the "Certificates" tab.