Importing a pfx or p12 file into Outlook

An Outlook recipient receives the following message1 containing the attached password encrypted pfx:

Outlook email with pfx attachment

1. Double-click the attached pfx file

Alternatively, you can save the pfx file and open it with Explorer by double-clicking it. A warning will be shown asking whether you want to open the pfx file.

2. Click the "Open" button

Outlook open attachment warning

The "certificate import wizard" will be started. The import wizard will be used to import the password protected certificate and private key.

Certificate Import Wizard

Click the Next button until you come to password page

Certificate Import Wizard password

Enter the password for the pfx file. Optionally, check "Mark this key as exportable".

3. Click the Next button

Click Next on all the next pages until you reach the "Completing the Certificate Import Wizard" page (leave the settings at their default values).

Certificate Import Wizard finish

4. Click "Finish"

The certificate and private key will now be imported.

The pfx file not only contains the end-user certificate and private key but also the root and intermediate certificate. The import wizard will also try to import the root and intermediate certificate. Windows asks for permission when importing a root certificate.

Windows root import warning

5. Click "Yes"

6. Finished.

Now that you have installed a certificate and private key, you are able to decrypt encrypted email.

[The following steps are only required if you want to send encrypted email]

We will explain how to receive and send encrypted email.

Receiving signed and encrypted email

A signed and encrypted message looks as follows:

Outlook signed and encrypted

The 'padlock' Padlock shows that the message was encrypted and the 'ribbon' Ribbon shows that the message was signed.

The signed and encrypted message contains the public certificate of the sender. To make it possible to securely reply to the message, the public certificate should be associated with the sender.

1. Select the senders email address, right-click and select "Add to Outlook Contacts"

Outlook add to contacts

Save the newly added Outlook contact. If the contact is already stored in your contacts lists, you will receive a "Duplicate Contact Detected" warning.

Outlook duplicate contact detected

2. Click "Update"

Note: You will only need to associate the certificate with the sender contact the first time you receive a signed and encrypted email.

Sending signed and encrypted email

Sending a signed and encrypted email is similar to sending a normal email. To sign and encrypt the message, the sign and encrypt options should be selected.

Outlook sign and encrypt

If your Outlook toolbar does not contain the sign and encrypt buttons, you can enable sign and encrypt by opening the "message options" and select the "Security Settings..."

Outlook security properties

Importing a certificate for a contact

If you received a certificate (.cer or .p7b file) for an external user you can add the certificate to an Outlook contact.

1. Open the contact and select the certificates2

Outlook certificates for contact

2. Click "Import..." and select the .cer or .p7b file

3. Finished.

The certificate is now associated with the contact.
  1. In this example the password was sent via an SMS Text message. The message is slightly different when the password was not sent via SMS.
  2. In Outlook XP and Outlook 2003, you should open the "Certificates" tab.