Welcome to the Office Mac Help Site About | Blog | Links | Glossary | Feedback | Downloads | Help

Send digitally signed messages

You're now ready to actually send secure messages. Start by composing the message like any other email you write:

Send encrypted messages

Encryption works basically the same way as for signing messages:

  1. Click New to create a new message
  2. Go to the Options toolbar icon, and select Security View Screenshot
  3. Choose to Encrypt Message
  4. Click Send
    You can also simply combine the two steps and send both digitally signed and encrypted messages.
  5. Click New to create a new message
  6. Go to the Options toolbar icon, and select Security: View Screenshot
  7. Choose to Digitally Sign Message
  8. Click Send
  9. Click "Allow Once" when prompted

Troubleshoot:

I have security errors with my message...what does it all mean?

If you've been patient enough to follow through all the steps in this document, you probably realize S/MIME can get pretty complicated, and there are many places things can go wrong. Mistakenly forgetting to import a root, or un-checking an option in Account Preferences can render a sent or received message totally unreadable. With encrypted messages, there's generally not much feedback on this other than a decryption failure by Entourage. Fortunately for digitally signed messages, there's a bit more feedback. The messages are pretty self-explanatory, but here are the main checks reported by Entourage in a digitally signed message, and what they mean:

The General Tab:

This tab shows you information about any errors while processing a signed message, if any, as well as the opportunity to view and add the sender's encryption certificate to your address book (assuming they included it with their message).

View Screenshot

Message has not been tampered with: This indicates whether or not the actual bits in the message have changed since it left the sender's machine signed.

You do trust the digital ID This indicates whether or not you trust the root certificate that issued the digital ID that signed this message. If you get an "X" here, most likely you simply need to import a root and relaunch Entourage.

The digital ID has not expired This checks the validity dates for the certificate. All certificates have a specific window of time for which they're considered valid. If the date and time on your system clock is set outside that window, this check will fail. In most cases, the certificate has expired and your sender will need to get you a new one.

The digital ID's e-mail address does not match the senders. This checks spoofing - the e-mail address for which the certificate is issued ("Signer") should match the e-mail from which the message was actually sent ("Sender"). Entourage will show you what it thinks these two values are.

Revocation information for this certificate could not be determined : Sometimes, a certificate authority will revoke a certificate before its expiration date (for example, if the corresponding private key was known to be compromised). If it can, Entourage will attempt to find and validate whether or not the certificate has been revoked.

There are no other problems with the digital ID Entourage can find nothing else wrong with the digital ID that signed the certificate. The Details tab: This tab mostly gives you additional information, allows you to force a revocation check, and view the signing and encryption certificates, if available.

The Details tab:This tab mostly gives you additional information, allows you to force a revocation check, and view the signing and encryption certificates, if available. View Screenshot