Menu
Amazon WorkMail
User Guide (Version 1.0)

Send an Encrypted or Signed Email

With S/MIME, you can send signed and/or encrypted emails inside and outside of your organization. After you configure S/MIME in the email client settings, all emails your send are automatically signed. Encryption options depend on different email clients and respective platforms. Please see the following to learn how to configure S/MIME for a few common email clients.

Note

The Amazon WorkMail web app client is not supported.

To configure S/MIME in Windows Outlook

  1. Get the certificate (*.p12) file from your administrator or third-party provider and save it to a folder.

  2. Right-click the file and choose Install PFX.

  3. Choose Current User, Next, select the *.p12 file, and then choose Next.

  4. Enter the password and choose Next.

  5. Make sure that Automatically select the certificate store… is selected and choose Next.

  6. Choose Finish.

  7. Perform the following steps in Windows Outlook:

    1. Choose File, Options, Trust Center, Trust Center Settings…, Email Security, and Settings.

    2. In the Change Email Security dialog box, choose Choose… and select the installed certificate.

    3. Choose OK, select one or all applicable options, and choose OK.

  8. If all email recipients have certificates in the Global Address List (GAL) or Contacts, then all emails sent are automatically encrypted. Otherwise, you receive a warning message and can decide to send an unencrypted message or cancel.

To configure S/MIME in iOS Mail

  1. Get the certificate (*.p12) file from your administrator or third-party provider in an email.

  2. Open the email attachment and choose Install.

  3. Enter the PIN and follow the instructions.

  4. Choose Settings, Mail, Accounts, select your account, and then choose Account, Advanced Settings.

  5. Enable S/MIME and choose one or both of the options to sign or encrypt emails. If you chose Encrypt by Default, then all emails sent are automatically encrypted.

  6. When you type an email address in the To field, iOS loads the user certificate from the Global Address List (GAL) or from Contacts. If the certificate is not found, then the red unlocked icon means that the email can’t be encrypted.

To configure S/MIME in Android Nine and the Samsung Mobile devices native mail app

  1. Get the certificate (*.pfx or *.p12) file from your administrator or third-party provider in an email.

  2. Download the attached certificates.

  3. Open the Android Nine app and choose Email Settings, Accounts, select your account, and then choose Security options.

  4. To enable encryption, choose Encrypt ongoing emails. Under Email encryption cert, choose Install, select your certificate used for encrypting your email message, and choose Allow.

    Note

    If you select Email encryption cert, when you send an email, the app loads and validates the user certificate from the Global Address List (GAL) or from a contact. If the certificate is found for the recipient, the email is sent as encrypted. Otherwise, an error is displayed and the email is not sent. You must disable the Email encryption cert setting.

  5. To enable signing, choose Sign all outgoing emails. Under Email signing cert, choose Install, select your certificate used for signing your email message, and choose Allow.

To configure S/MIME in Outlook for Mac 2016

  1. Install the certificate on Mac OS:

    1. Get the certificate (*.p12) file from your administrator or third party provider, and save the file to a folder.

    2. Double-click the certificate file to open Keychain Access and approve to add the certificate to your keychain.

    3. In the list of certificates in your keychain, see the newly installed certificate appear.

  2. In Outlook for Mac, follow these steps:

    1. Choose Tools, Accounts, your account, Advanced, and Security.

    2. In Digital signing and Encryption, choose the newly installed certificate from the drop-down list and choose from the following options:

      • To sign all outgoing messages by default, choose Sign outgoing messages.

      • To encrypt all outgoing messages by default, choose Encrypt outgoing messages.

      • To make sure your signed message can be viewed by all recipients and mail applications, choose Send digitally signed messages as clear text.

      • To enable recipients to send encrypted messages to you, choose Include my certificates in signed messages.

    3. Choose OK to close the dialog boxes.

    Note

    To send en encrypted email to the group, manually expand the group.