Using SMIME in Office 365

To enable the use S/MIME for signing and encrypting e-mail within Office 365, it is necessary to install a digital signature (e-mail certificate) in the form of an SST file in the Exchange Online environment. Note: This manual is only for Office 365. To use an e-mail certificate outside of Office 365, install the certificate in the relevant e-mail client.

Create .SST file for root and intermediate certificates

Follow the following steps to open the Local Machine Certificate Store via the mmc snap-in:

  1. Click menu Start → Run and type mmc followed by Enter.

    S/MIME in Office 365

  2. Click on File and select Add/Remove Snap in.

    S/MIME in Office 365

  3. Select Certificates from the available snap-ins box and click Add.

    S/MIME in Office 365

  4. Select My user Account and click Finish.

    S/MIME in Office 365
  5. Close the Add Standalone Snap-in box by clicking OK on the Add/Remove Snap screen.
  6. Go back to the MMC.
  7. Select the root and intermediate certificates that belong to the personal signature.
  8. Click the right mouse button, select All Tasks → Export… and save the file in Microsoft Serialized Certificate Store (SST) format.

    SMIME in Office 365

Save the .SST file on the Office 365 server

Use the command below to update the SST on the office 365 exchange server via the remote PowerShell:

sst = Get-Content SMIMECertificateIssuingCA.sst -Encoding Byte Set-SmimeConfig -SMIMECertificateIssuingCA

Add email signature to Global Address List

  1. In Outlook 2013, click on File and then on Options.
  2. In the Outlook options window, click on Trust Center → Trust Center Settings → Email Security.
  3. In the Trust Center window, click on settings.
  4. Choose Certificate issued by a CA.
  5. In the Change Security Settings window, enter a name and choose Signing and Encryption Certificate.
  6. In the next step we choose the previously specified name, and leave the algorithm on Default.

    S/MIME in Office 365

  7. Click OK and then Publish to GAL.

Check the certificate installation

  1. Connect to the Exchange online environment via PowerShell.
  2. Run the following command to ensure that the UserSMimeCertificate attribute has the correct information:
    Get-Mailbox <username> | FL *user* or
    Get-Mailbox <username> | FT *user*
  3. When the fingerprint is displayed, S/MIME can be used to receive and send messages.


Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues

point up