After writing a 3 part series on purchasing and using S/MIME certificates with Microsoft Outlook 2016, some months went by I started receiving certficate renewal emails from Entrust. The first encouragement to renew arrived at 90-day warning, then 60, 30 and finally, 10. This post reviews the Entrust renewal process and describes that it is actually a new certificate purchase, not a renewal and describes the configuration changes required to configure Microsoft Outlook to use the “renewal” certificate rather than the expiring certificate.
In parts 1 and 2 of this series, I reviewed the difficult process of purchasing a personal certificate to use with S/MIME and the lengthy process required to get that certificate installed where Microsoft Outlook 2016 can use it for S/MIME signed email. This post will show how to send your public key to friends, where you and they can then finally send email encrypted with S/MIME.
n Part-1 of this series, I described the process of purchasing and installing a personal certificate. In my case, certificate was purchased from Entrust and I noted that once the purchase process was complete, the certificate exists for use in the Internet Explorer web browser, but that is all. With the purchase done, Microsoft Outlook will not yet utilize the certificate for purposes of S/MIME encrypted and signed email.
As a big fan of crypto, it has always rather amazed me that S/MIME hasn't had more success. We hear many accounts of users cannot handle the certificate management required to make something like PGP or S/MIME work. I have been doing some experiments and have concluded that we got it wrong; we are blaming the user when the right person to blame is ourselves. This post describes the first step of success, what it takes to "get a key".