Secure Email Setup

This tutorial shows you how to set up Secure Email using Outlook Express and a free Digital ID or certificate.

I’m going to assume you are using Outlook Express but other programs probably have similar steps.

I have not investigated using web email clients [web pages directly on Yahoo or Gmail] to accomplish this. I am not aware that they support secure email.

Setup Your Email Accounts
First of all, make sure that you have outlook express set up for your one or more email addresses that you want to use and that you have tested them. You can send email from one account to another to test them. During this process you will need to receive multiple email messages from the certificate authority, so your email will need to be working.

Also you will need to be using MSIE, not Firefox or another browser for this process. This is because Outlook Express and MSIE are in cahoots and share knowledge about how to manage certificates. Those built for Firefox will work only for the Netscape or Mozilla Email program. So run MSIE and go to the following Thawte link.

Sign up at Thawte
You can get Free Email Certificates for personal use from There are other authorities, but I’m using Thawte as an example. No endorsement is intended.

Click JOIN and then fill out the form, select a password and enter your personal information for the certificates. You will need to receive an email for the email address you entered and transfer some data from that email to a web page to authenticate yourself. Once that is done you are “official” joined up at Thawte. Now you can go to the account page and add more email addresses if you want to. You can also do this at any time in the future.

Request a Certificate
After you sign up, choose the certificates page, and then click on Request Certificate.
Request Certificate

This will take you to a small window where you will go through the process. If you set up more than one Email address in your account, you will get to choose which email address the certificate applies to. You will need a separate certificate for each email address you have or want to use securely.

The process is straight forward until you get to the following page. Do not click on the Configure Button unless you know what you are doing. ACCEPT is the right choice here. The certificate will work for all email activities.

Accept Default Extensions

After a few more pages you will come to this screen. This is the actual step where a certificate is created.
Create the Certificate

When you click here you will then go through a screen and a dialog box will popup asking if you want to install the certificate. Click OK. But this is not the end of the process. The certificate has been handed to MSIE / Outlook Express, but it cannot yet be used.

Check Your Email
You should have received an email message talking about the certificate. You will need to read that email and this will automatically enable the certificate for you at Thawte. If a box pops up talking about a read request then click OK.

Install your Certificate
The certificate is created, but not yet actually installed in MSIE, in spite of what MSIE has said. Go to the certificate status page that looks like this:

Certificate Status

Now you need to click on the MSIE link to go to the page to fetch the certificate:
Fetch Cert
The fetch button is the red button at the bottom of the page. Click on the fetch button and click ok on any dialog that appears and your certificate is installed in MSIE.

Now Set up your Digital ID in Outlook Express
In Outlook Express, choose Tools >> Accounts… then Properties… for the account that you have a certificate for. Now choose the Security Tab and you will see something like this:
OE Certificate Selection

Choose the same certificate you just created by choosing Select… for both the signing and encryption certificate. 3DES is the correct default to use for the encryption.

Sending Encrypted Email
To send encrypted email, first you need to send a Signed Message.

encrypted email

The Sign and Encrypt email buttons are under the cursor arrow on the image above. To begin sending encrypted email, you should each exchange digitally signed messages. Once you have received these digitally signed messages you can each send encrypted email.

Things should work now to send encrypted email.