Feb 28 2017 11:04 AM - edited Feb 28 2017 11:06 AM
Introduction
By default, there are bunch of requirements for making digital operations with e-mails in Microsoft Office Outlook 2016 and not all of those requirements are fulfilled by default.
We need to make following changes to computer configuration to support digital e-mail signing with SK certificates in Windows environments:
Preparations
Step 1: First off lets install Estonian ID-Card software if you don't have it already
Step 2: Next lets add intermediate certificates, download and save certificates to C:\temp\
Adding certificates to from administrative command prompt run command:
certutil -f -addstore CA "c:\temp\ESTEID-SK_2011.der.cer"
certutil -f -addstore CA "c:\temp\ESTEID-SK_2015.der.cer"
Results should show following for each command:
CA "Intermediate Certification Authorities" Certificate "ESTEID-SK 2011" added to store. CertUtil: -addstore command completed successfully. CA "Intermediate Certification Authorities" Certificate "ESTEID-SK 2015" added to store. CertUtil: -addstore command completed successfully.
Step 3: To support different e-mail address in certificate we need to add registry key to our configuration.
From administrative command prompt run:
Reg add HKCU\SOFTWARE\Policies\Microsoft\office\16.0\outlook\security /v supressnamechecks /t REG_DWORD /d 1
You can confirm the registry key and value existence by running command
Reg query HKCU\SOFTWARE\Policies\Microsoft\office\16.0\outlook\security /v supressnamechecks
Result should show following:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\outlook\security supressnamechecks REG_DWORD 0x1
Step 4: Configuring Outlook for email signing
Sending signed e-mail
Validating such signed emails
Supported versions
Current document describes what to do with Office 2016. The configuration is also supported in older versions of Offices and in Office 365, but it can need minor changes for other versions.
Sources