Use of digital certificates in Outlook Client for Windows ("trust center")

%3CLINGO-SUB%20id%3D%22lingo-sub-1383225%22%20slang%3D%22en-US%22%3EUse%20of%20digital%20certificates%20in%20Outlook%20Client%20for%20Windows%20(%22trust%20center%22)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1383225%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3EI%20use%20Outlook%20(Office%20365)%20to%20manage%20%3CSTRONG%3Emultiple%20accounts%3C%2FSTRONG%3E.%20I%20want%20to%20digitally%20sign%20all%20my%20outgoing%20emails%20from%20one%20account%20with%20a%20certificate.%3C%2FP%3E%3CP%3EHow%20to%20set%20this%20up%20differs%20between%20my%20Outlook%20client%20for%20Mac%20and%20the%20one%20for%20Windows%2C%20and%20it%20is%20the%20Windows%20client%20that%20(according%20to%20me)%20has%20a%20design%20flaw.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOn%20Mac%20the%20setting%20%22S%2FMIME%20digitally%20sign%20all%20outgoing%20emails%22%20is%20bound%20to%20an%20email%20account.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOn%20Windows%20the%20setting%20%22Trust%20Center%2C%20digitally%20sign%20all%20outgoing%20emails%22%20is%20a%20global%20setting%2C%20so%20applies%20to%20all%20email%20accounts%20at%20once%2C%20there%20is%20no%20option%20to%20be%20selective%20and%20pick%20only%20one%20email%20account.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHence%2C%20when%20I%20select%20this%20option%2C%20the%20Windows%20Outlook%20client%20now%20tries%20to%20digitally%20sign%20ALL%20my%20outgoing%20emails%2C%20including%20those%20for%20which%20the%20digital%20certificate%20is%20invalid.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBasically%2C%20using%20the%20Outlook%20for%20Windows%20client%20to%20manage%20multiple%20email%20accounts%20invalidates%20the%20setting%20to%20digitally%20sign%20all%20outgoing%20emails.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20anyone%20have%20a%20workaround%2C%20or%20does%20anyone%20know%20how%20to%20propose%20this%20product%20improvement%20to%20the%20Microsoft%20Outlook%20for%20Windows%20client%20product%20team%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%3C%2FP%3E%3CP%3EPatrick%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1383225%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20Apps%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESecurity%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1385712%22%20slang%3D%22en-US%22%3ERe%3A%20Use%20of%20digital%20certificates%20in%20Outlook%20Client%20for%20Windows%20(%22trust%20center%22)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1385712%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F664854%22%20target%3D%22_blank%22%3E%40patrickcoom%3C%2FA%3E%26nbsp%3BHello%2C%20I%20just%20created%20an%20additional%20profile%20in%20my%20Outlook%20client%20and%20configured%20my%20primary%20profile%20to%20use%20my%20digital%20certificate%20(ID%20card)%20for%20signing%20messages%20via%20Trust%20Center%20settings%20in%20Outlook.%20When%20changing%20Outlook%20Profile%20to%20the%20new%20one%20(File%20-%20Account%20Settings%20-%20Change%20Profile)%20the%20settings%20are%20not%20%22inherited%22.%20They%20are%20only%20configured%20in%20the%20profile%20in%20which%20I%20created%20them.%20In%20other%20words%20I%20cannot%20reproduce%20the%20issue%20you're%20describing%20as%20my%20outgoing%20messages%20are%20only%20digitally%20signed%20from%20my%20primary%20profile.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1386280%22%20slang%3D%22en-US%22%3ERe%3A%20Use%20of%20digital%20certificates%20in%20Outlook%20Client%20for%20Windows%20(%22trust%20center%22)%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1386280%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F551905%22%20target%3D%22_blank%22%3E%40bec064%3C%2FA%3Eso%20you%20switch%20between%20profiles%20basically%2C%20which%20is%20not%20really%20great%20for%20using%20a%20single%20client%20for%20managing%20multiple%20mailboxes%20at%20the%20same%20time.%20What%20a%20terrible%20user%20experience.%20On%20Mac%20this%20works%20as%20one%20should%20expect%2C%20only%20on%20Windows%20this%20logic%20is%20at%20a%20wrong%20level.%20While%20digging%20deeper%20I%20found%20similar%20posts%20even%20bug%20reports%20dating%20back%20to%202015%2C%20but%20apparently%20nobody%20cares%20about%20using%20digital%20certificates.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThx%20for%20your%20response!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hi,

I use Outlook (Office 365) to manage multiple accounts. I want to digitally sign all my outgoing emails from one account with a certificate.

How to set this up differs between my Outlook client for Mac and the one for Windows, and it is the Windows client that (according to me) has a design flaw.

 

On Mac the setting "S/MIME digitally sign all outgoing emails" is bound to an email account.

 

On Windows the setting "Trust Center, digitally sign all outgoing emails" is a global setting, so applies to all email accounts at once, there is no option to be selective and pick only one email account.

 

Hence, when I select this option, the Windows Outlook client now tries to digitally sign ALL my outgoing emails, including those for which the digital certificate is invalid.

 

Basically, using the Outlook for Windows client to manage multiple email accounts invalidates the setting to digitally sign all outgoing emails.

 

Does anyone have a workaround, or does anyone know how to propose this product improvement to the Microsoft Outlook for Windows client product team?

 

Thank you

Patrick

 

2 Replies
Highlighted

@patrickcoom Hello, I just created an additional profile in my Outlook client and configured my primary profile to use my digital certificate (ID card) for signing messages via Trust Center settings in Outlook. When changing Outlook Profile to the new one (File - Account Settings - Change Profile) the settings are not "inherited". They are only configured in the profile in which I created them. In other words I cannot reproduce the issue you're describing as my outgoing messages are only digitally signed from my primary profile.

Highlighted

@bec064so you switch between profiles basically, which is not really great for using a single client for managing multiple mailboxes at the same time. What a terrible user experience. On Mac this works as one should expect, only on Windows this logic is at a wrong level. While digging deeper I found similar posts even bug reports dating back to 2015, but apparently nobody cares about using digital certificates.

 

Thx for your response!