Windows – Creating a signing certificate for Outlook 2010 under Windows 7

Tags: certificate, microsoft-outlook-2010, windows 7

I'm trying to create a S/MIME signing certificate for Outlook 2010 under Windows 7. I've gone into Options ➮ Trust Center (see below) to try and set it up but when I attempt to select the signing certificate I get an error message: "No certificate available".

How do you create a self-signed certificate for signing emails?

[Screenshot: Trust Center]

[Screenshot: No Certificate error]

Best Answer

I was using the Microsoft tool makecert for this.

First you need to create a CA (Certificate Authority) key:

makecert -pe -n "CN=My Root CA" -ss root -a sha512 -sky signature -len 2048 -h 1 -cy authority -r my_ca.cer
# -pe: Mark private key as exportable - useful for backup.
# -n "CN=My Root CA": The name of the certificate. Please use an individual name and replace the "My" with your full name.
# -ss root: The store where makecert shall place the certificate (Root certificates store).
# -a sha512: The signature algorithm to use. Right now SHA512 is the maximum available.
# -sky signature: The key type (signature, not exchange).
# -len 2048: Key length in bits. You might consider generating a longer key.
# -h 1: Maximum height of the tree below this certificate. I don't use sub-CAs, so I hope that 1 is the correct value.
# -cy authority: Certificate type is CA, not end-entity.
# -r: Create a self-signed certificate.
# my_ca.cer: Name of the file to which the generated public key will be written.

Now you need to create the certificate(s) for mail signing. In your case you will start with only one certificate for you:

makecert -pe -n "E=my.mail@addre.ss,CN=My eMail Signing" -a sha512 -sky exchange -cy end -ss my -eku 1.3.6.1.5.5.7.3.4 -in "My Root CA" -is root -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -len 2048 my_email.cer
# -pe: Mark private key as exportable - useful for backup.
# -n "E=my.mail@addre.ss,CN=My eMail Signing": Name of the certificate. This must contain your mail address in the E entry and your name in the CN entry. You should give a useful CN, so please replace My with your full name.
# -a sha512: The signature algorithm to use. Right now SHA512 is the maximum available.
# -sky exchange: The key type (exchange, not signature).
# -cy end: Certificate type is end-entity, not CA.
# -ss my: The store where makecert shall place the certificate (My certificates store).
# -eku 1.3.6.1.5.5.7.3.4: Enhanced key usage "E-mail protection".
# -in "My Root CA": Name of the CA used to sign the generated key. Must be the same as given in "-n" in the above call to makecert.
# -is root: Store where the CA key can be found.
# -sp "Microsoft RSA SChannel Cryptographic Provider": Name of the CryptoAPI provider to use.
# -sy 12: Type of the CryptoAPI provider.
# -len 2048: Key length in bits. You might consider generating a longer key.
# my_email.cer: Name of the file to which the generated public key will be written.

The private and public keys will be written to the user's certificate stores (in the registry) and can be used immediately. The public keys will be written to the given files.

On your computer you can immediately select the mail signing certificate in your mail program. To give your public keys to others, you can give them a copy of your public keys. For full trust they might need to import your CA key into their certificate store.
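The same two-step flow on current Windows, as an added example that is not from the original answer: the PKI module's New-SelfSignedCertificate (Windows 10 / Server 2016 and later; it is not available on Windows 7, where makecert remains the tool) issues the private CA and the S/MIME certificate, then lists what Outlook's certificate picker looks for. "Jane Doe" and jane.doe@example.com are placeholder values.

```powershell
# Added example, not from the original answer. Requires the PKI module
# (Windows 10 / Server 2016 or later). Name and address are placeholders.
$ErrorActionPreference = 'Stop'
$name  = 'Jane Doe'
$email = 'jane.doe@example.com'

# 1. Private root CA, the equivalent of: makecert ... -cy authority -h 1 -r
#    New-SelfSignedCertificate can only create into a "My" store, so the CA is
#    created there and its public half is imported into the Root store afterwards.
$ca = New-SelfSignedCertificate -Type Custom -Subject "CN=$name Root CA" `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyUsage CertSign, CRLSign, DigitalSignature -KeyExportPolicy Exportable `
    -TextExtension @('2.5.29.19={critical}{text}ca=1&pathlength=0') `
    -NotAfter (Get-Date).AddYears(10) -CertStoreLocation 'Cert:\CurrentUser\My'
Export-Certificate -Cert $ca -FilePath "$env:USERPROFILE\my_ca.cer" | Out-Null
Import-Certificate -FilePath "$env:USERPROFILE\my_ca.cer" `
    -CertStoreLocation 'Cert:\CurrentUser\Root' | Out-Null

# 2. End-entity S/MIME certificate signed by that CA, the equivalent of:
#    makecert ... -sky exchange -cy end -eku 1.3.6.1.5.5.7.3.4 -in "My Root CA"
#    Outlook matches the certificate to the account by e-mail address, so the
#    address goes into both the Subject (E=) and the Subject Alternative Name.
$leaf = New-SelfSignedCertificate -Type Custom -Signer $ca `
    -Subject "E=$email, CN=$name" `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 -KeySpec KeyExchange `
    -KeyUsage DigitalSignature, KeyEncipherment -KeyExportPolicy Exportable `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.4', "2.5.29.17={text}email=$email") `
    -NotAfter (Get-Date).AddYears(3) -CertStoreLocation 'Cert:\CurrentUser\My'
Export-Certificate -Cert $leaf -FilePath "$env:USERPROFILE\my_email.cer" | Out-Null

# 3. What the Trust Center's certificate chooser needs to find: a certificate in
#    CurrentUser\My that has a private key, carries the E-mail Protection EKU and
#    names the account's address. An empty result here explains "No certificate
#    available" in Outlook.
Get-ChildItem 'Cert:\CurrentUser\My' | Where-Object {
    $_.HasPrivateKey -and
    $_.EnhancedKeyUsageList.ObjectId -contains '1.3.6.1.5.5.7.3.4' -and
    $_.Subject -like "*$email*"
} | Format-Table Thumbprint, Subject, NotAfter, Issuer -AutoSize
```

The exported my_ca.cer is what recipients import into their Trusted Root store for full trust; the private keys stay in the current user's store, as with makecert.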
