mirror of
https://github.com/dyzulk/trustlab-docs.git
synced 2026-01-26 13:32:08 +07:00
85 lines
2.6 KiB
Plaintext
85 lines
2.6 KiB
Plaintext
---
|
|
id: smime
|
|
title: S/MIME Email Security
|
|
description: Secure/Multipurpose Internet Mail Extensions (S/MIME) allows you to sign (prove identity) and encrypt (protect content) email messages.
|
|
---
|
|
|
|
import { Steps, Callout, Tabs } from 'nextra/components'
|
|
import { Mail, BadgeAlert, ShieldCheck } from 'lucide-react'
|
|
|
|
# S/MIME Email Security
|
|
|
|
Secure/Multipurpose Internet Mail Extensions (S/MIME) allows you to **sign** (prove identity) and **encrypt** (protect content) email messages.
|
|
|
|
<Callout type="warning" emoji={<BadgeAlert className="w-5 h-5" />}>
|
|
**Internal Use Only:**
|
|
TrustLab certificates are private. If you send signed emails to **External Recipients** (e.g., Gmail, Yahoo), they will see an "Untrusted/Invalid Signature" warning because they do not trust the TrustLab Root CA.
|
|
|
|
**Use this for internal corporate communication only.**
|
|
</Callout>
|
|
|
|
## Setup Guide
|
|
|
|
## Configure Microsoft Outlook
|
|
|
|
<Tabs items={['Classic Outlook (Desktop)', 'New Outlook (Web Style)']}>
|
|
<Tabs.Tab>
|
|
**Supported Versions:** Outlook 365, 2019, 2016.
|
|
|
|
<Steps>
|
|
### 1. Open Trust Center
|
|
Go to **File > Options > Trust Center > Trust Center Settings**.
|
|
|
|
### 2. Email Security
|
|
Select **Email Security** from the left sidebar.
|
|
|
|
### 3. Import Certificate
|
|
Under *Encrypted Email*, click **Settings...**
|
|
* **Signing Certificate**: Click 'Choose' and select your TrustLab cert.
|
|
* **Encryption Certificate**: Same as above.
|
|
|
|
### 4. Save
|
|
Click **OK** to apply.
|
|
</Steps>
|
|
</Tabs.Tab>
|
|
<Tabs.Tab>
|
|
**Supported Versions:** New Outlook for Windows, OWA.
|
|
*Note: Requires S/MIME Control extension.*
|
|
|
|
<Steps>
|
|
### 1. Open Settings
|
|
Click the **Gear Icon** (Settings) in the top right.
|
|
|
|
### 2. S/MIME Menu
|
|
Navigate to **Mail > S/MIME**.
|
|
|
|
### 3. Enable
|
|
Enable **"Encrypt with S/MIME"** and select your certificate.
|
|
</Steps>
|
|
</Tabs.Tab>
|
|
</Tabs>
|
|
|
|
## Configure Thunderbird
|
|
|
|
**Version Requirement:** v115+ (Supernova) or newer.
|
|
|
|
<Steps>
|
|
### 1. Account Settings
|
|
Click the **Menu (≡)** button and select **Account Settings**.
|
|
|
|
### 2. End-to-End Encryption
|
|
Select your email account from the sidebar and click **End-to-End Encryption**.
|
|
|
|
### 3. Import Certificate
|
|
In the **S/MIME** section, click **Add** (or Manager) to import your `.p12` file.
|
|
|
|
### 4. Apply Certificate
|
|
Under *Select Certificate*, choose the imported file for both:
|
|
* **Digital Signing**
|
|
* **Encryption**
|
|
</Steps>
|
|
|
|
## How to Test
|
|
Send an email to a colleague who also has the Root CA installed. They should see a verified **Ribbon/Badge** icon indicating the email is trusted and unmodified.
|
|
|