import { Steps, Callout, Tabs } from 'nextra/components'
import { Mail, BadgeAlert, ShieldCheck } from 'lucide-react'
# S/MIME Email Security
Secure/Multipurpose Internet Mail Extensions (S/MIME) allows you to **sign** (prove identity) and **encrypt** (protect content) email messages.
}>
**Internal Use Only:**
TrustLab certificates are private. If you send signed emails to **External Recipients** (e.g., Gmail, Yahoo), they will see an "Untrusted/Invalid Signature" warning because they do not trust the TrustLab Root CA.
**Use this for internal corporate communication only.**
## Setup Guide
## Configure Microsoft Outlook
**Supported Versions:** Outlook 365, 2019, 2016.
### 1. Open Trust Center
Go to **File > Options > Trust Center > Trust Center Settings**.
### 2. Email Security
Select **Email Security** from the left sidebar.
### 3. Import Certificate
Under *Encrypted Email*, click **Settings...**
* **Signing Certificate**: Click 'Choose' and select your TrustLab cert.
* **Encryption Certificate**: Same as above.
### 4. Save
Click **OK** to apply.
**Supported Versions:** New Outlook for Windows, OWA.
*Note: Requires S/MIME Control extension.*
### 1. Open Settings
Click the **Gear Icon** (Settings) in the top right.
### 2. S/MIME Menu
Navigate to **Mail > S/MIME**.
### 3. Enable
Enable **"Encrypt with S/MIME"** and select your certificate.
## Configure Thunderbird
**Version Requirement:** v115+ (Supernova) or newer.
### 1. Account Settings
Click the **Menu (≡)** button and select **Account Settings**.
### 2. End-to-End Encryption
Select your email account from the sidebar and click **End-to-End Encryption**.
### 3. Import Certificate
In the **S/MIME** section, click **Add** (or Manager) to import your `.p12` file.
### 4. Apply Certificate
Under *Select Certificate*, choose the imported file for both:
* **Digital Signing**
* **Encryption**
## How to Test
Send an email to a colleague who also has the Root CA installed. They should see a verified **Ribbon/Badge** icon indicating the email is trusted and unmodified.