How to import and use CPAC in Outlook 2010/2013

If the Personal Authentication certificate was purchased from the computer where Outlook is installed, then you can go straight to the Signing and Encrypting section of this article.

If Outlook was installed on a different computer, you will need to import the certificate. This should be done using browsers that are compatible with using CPAC. As soon as you export certificate files from your computer, you will then need to import the certificate into Outlook. This can be done via email or USB flash drives.

Certificate Import Procedure into Outlook 2010/2013

Open Outlook 2010/2013, then go to the 'File'> 'Options' menu.
On the Outlook Options page, select the item 'Trustcentre'> 'Trustcentre Settings'
You will see the Trust Centre Screen. In the left menu, select the 'E-mail Security' item, then click the 'Import/Export' button.
In the window titled “Import/Export Digital ID”, go to the desired directory where the PKCS12 file of your CPAC certificate is stored. Click Open. Next, enter the password and Digital ID.
Click OK.
Set the security level for the private key. Then click OK.

That’s it! The certificate has been imported into Outlook 2010/2013 successfully.

Signing and Encrypting

Now let's touch on how to sign and encrypt emails. Signing an email is necessary so that the recipient of the email is sure that the email came from you and it did not change at all in the process of sending.

Encrypting emails means that only the recipient of the mail will be able to see its content and attachments (files, pictures, etc.).

Note: to encrypt emails, you will first need to obtain the required certificate from your email recipient. To do this, it is necessary that they send you a signed email. When you receive an email from them, the certificate will be automatically added to the certificate store. You will then be able to sign and encrypt mails for this person.

Certificate binding

Open Outlook 2010/2013, then go to the 'File'> 'Options' menu
The Outlook Options page will appear. Select 'Trustcentre'> 'Trustcentre Settings'
Go to the menu item 'E-mail Security', then click 'Settings'.
In the ‘Change Security Settings’ window, you can specify certificates for signing and encryption. Most often, you will only need one certificate for signing and encryption.
Click on 'Choose' next to the 'Signing Certificate' field. In the window that appears, select the appropriate certificate.
Click OK. If you are not 100% sure whether this is a required certificate, you can view the data by clicking the 'View Certificate' button.
Repeat the process for 'Encryption Certificate'. Select the necessary certificate. You should now see your certificates in the corresponding Signing and Encryption fields in the 'Change Security Settings' window.
Click OK and return to the Trust Centre.

Signing and Encryption

To sign an email or encrypt it, you must first create an email.

Next, go to the 'Options' section in the menu and click on 'Sign' or on 'Encrypt', depending on the requirements.

How to import and use CPAC in Outlook 2010 2013

When the email is sent, it will be signed or encrypted.

Set encryption and signing of emails by default

Go to the section 'File'> 'Options' for Outlook 2010/2013
On the Outlook Options page, select 'Trustcentre'> 'Trustcentre Settings'
Go to the section 'Email Security'.

To encrypt each email by default, simply tick the box next to 'Encrypt contents’

To sign each email by default, simply tick the box next to 'Add digital signature’

If a field is not ticked, you will need to manually encrypt or sign the emails.

Usually, encryption is done on an individual basis for each email. Signing emails can be enabled automatically by default.