Using Digital Certificates for Email Messages

Overview

This document explains how to apply for a digital certificate through the University’s Manage My Account Web site and how to use that digital certificate to sign and encrypt email messages. A digital certificate is a security tool that can be attached to an email message to verify that the sender of the message is who he or she claims to be and that the message has not been altered since it was sent. It can also be used to encrypt email messages.

Step One - Apply

Apply for your digital certificate via the Self Service page at my.pitt.edu. You will need a University Computing Account username and password. You must also have secure access to a personal computer to ensure the security and integrity of your digital certificate. After your application has been approved, you will receive an email with a Personal Identification Number (PIN) for retrieving your digital certificate.

Important: You must use the same computer and Web browser to retrieve your digital certificate as you did to apply for your certificate. You also cannot apply for a digital certificate from the Student Computing Labs.

Note: If your advertised email address has a prefix between "@" and ".pitt.edu" (for example, dept.pitt.edu), then that will be the address used for your digital certificate. If your advertised email address is blank, then your username@pitt.edu email address will be used for your digital certificate. You can change your advertised email address by logging in to my.pitt.edu, selecting Profile, clicking Manage Your Account, and then clicking Contact Information.

To apply for a digital certificate, complete the following steps. Approval of your digital certificate application may take 48 hours.

  1. Log in to my.pitt.edu with your University Computing Account username and password.

  2. Select Profile in the upper right hand corner, then Manage Your Account.

  3. Select Certificate Request.

  4. Check the boxes on the Digital Certificate Request form for Request Encryption Certificates and Request Signing Certificates, then click Request Certificate(s).

  5. Your request will be sent. An onscreen message will be displayed.

Step Two - Collect

  1. Once approved, an email with additional instructions will be sent. Click the link to create your digital certificate.

  2. Fill out the Certificate Manager form, then click Submit.
    Note: The PIN, which you enter twice, is optional but is used to import and install your digital certificate and key. Items marked with an asterisk (*) are required fields. The pass-phrase, which you also enter twice, is used if you need to revoke a certificate (before requesting a new one).

  3. Click Download, select a location to save the file to (such as a personal network drive or Department-assigned drive), enter a File name (optional), and click Open.

Step Three - Install

  1. Locate the digital certificate and double click it.

  2. A wizard launches. Make sure Current User is selected, then click Next.

  3. For File to Import, the file should appear in the File name field. Click Next.

  4. For Private key protection make sure the following information is provided:

    • For Password, enter the PIN that you provided during the registration process. If you did not create a PIN, leave this field blank.
    • Mark this key as exportable is checked.
    • Include all extended properties is checked.

    Click Next.

  5. For the Certificate Store, make sure Automatically select the certificate store based on the type of certificate is selected, then click Next.

  6. Review your information. To import the certificate and close the wizard, click Finish, then OK.

Step Four - Verify

  1. Launch Microsoft Outlook and make sure File is selected so you can see Account Information. Click Options.

  2. From the options along the left-hand column select Trust Center, then select Trust Center Settings ....

  3. From the Trust Center options along the left-hand column select Email Security, then from Encrypted email select Settings ....

  4. Look for the certificate information for Signing Certificate and Encryption Certificate. If these fields are populated, then the certificate has been added to the Trust Center. Click OK and skip the rest of this step.

    If these fields are not populated, click Choose ... and do the following, first for Signing Certificate and then for Encryption Certificate:
         click More choices > Select your certificate (it will be highlighted) > OK.

  5. Click OK to confirm your changes to your security settings.
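
The import from Step Three can also be checked outside Outlook. The PowerShell below is an added example, not part of the original instructions: it lists certificates in the Current User store that are marked for Secure Email and reports whether each has its private key and which role (signing or encryption) it can fill. The function name Get-SmimeCertificateReport is hypothetical, and the example assumes the issued certificates carry the Secure Email enhanced key usage and standard key usage flags.

```powershell
# Added example (not from the original page).
# Assumption: the issued certificates carry the Secure Email EKU below.
$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # Enhanced Key Usage: Secure Email

function Get-SmimeCertificateReport {
    param(
        # "Current User" personal store, the target chosen in the import wizard.
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )

    $kuType    = [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]
    $flagsType = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]

    Get-ChildItem -Path $StorePath |
        Where-Object {
            # Certificates with no EKU extension at all are skipped here.
            $_.EnhancedKeyUsageList.ObjectId -contains $SecureEmailOid
        } |
        ForEach-Object {
            $cert = $_

            # Key Usage tells signing and encryption certificates apart.
            $ku = $cert.Extensions |
                Where-Object { $_ -is $kuType } |
                Select-Object -First 1
            $flags = if ($ku) { $ku.KeyUsages } else { $flagsType::None }

            [pscustomobject]@{
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                # False means only the public part was imported: the
                # certificate cannot sign or decrypt on this computer.
                HasPrivateKey = $cert.HasPrivateKey
                CanSign       = $flags.HasFlag($flagsType::DigitalSignature)
                CanEncrypt    = $flags.HasFlag($flagsType::KeyEncipherment)
                NotAfter      = $cert.NotAfter
                Expired       = $cert.NotAfter -lt (Get-Date)
            }
        }
}

# Expect one row usable for signing and one for encryption,
# both with HasPrivateKey = True and Expired = False.
Get-SmimeCertificateReport | Format-Table -AutoSize
```

If a row shows HasPrivateKey as False, repeat the import from the file saved in Step Two rather than selecting that certificate in the Trust Center.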

Step Five - Export A Copy of the Public Certificate Key

A copy of your public key can be exported to the Global Address List directory (GAL) in Outlook. You can use this key to send and receive encrypted email communications with others who have shared public keys in the GAL. To save a copy of your public key to the GAL:

  1. Click the Publish to GAL ... option in the Outlook Trust Center.
    Note: You can access the Trust Center in Outlook by clicking File > Options > Trust Center > Trust Center Settings ... > Email Security.
  2. Click OK to confirm your decision to publish your public certificate key. Click OK when you see the message that the certificate key was published successfully.
    Note: It may take an hour before the public key is available for other users to download from the GAL.

Step Six - Encrypt Email Messages

You can send and receive encrypted email communications with others who have published digital certificates in the GAL.

Encrypt email from Outlook 2016

  1. Launch Outlook, then select New Email.
  2. Select Options > More Options > Security Settings.
  3. Check the Encrypt message contents and attachments box.
  4. Compose your message, and select Send.
  5. Each recipient with a published digital certificate will be able to read your email and send an encrypted reply.

Encrypt email from My Pitt Email (Office 365)

  1. Log in to My Pitt, and select My Pitt Email.
  2. Select New > Email Message > (More Actions) > Show message options....
  3. Check the Encrypt this message (S/MIME option) box, then select OK.
  4. Compose your message, and select Send.
  5. Each recipient with a published digital certificate will be able to read your email and send an encrypted reply.