Enroll, Install, and Publish Digital Certificates (Windows)

Purpose

Digital certificates are used for email encryption and signing. Please follow the instructions below for a digital certificate.

Index

Enrolling for a Digital Certificate

Digital Certificates website.

  • You will be asked to verify your email; enter your UTD email, wait for the email to arrive, and follow the instructions.

Client Certificate Management homescreen.

Email confirmation request.

  • Once you have verified your email address, you will either be given the option to enter an access code straight away, or you will be taken to a dashboard where you first must click the Plus Sign icon (+) button on the top right to get the access code prompt.

    • In either situation, input the access code as 883.

Client certificate enrollment with access code.

  • If you have trouble with the previous step, visit https://cert-manager.com/customer/InCommon/smime again after the email verification and you should see the access code prompt (883).
  • After you enter the access code, you will be taken to the certificate enrollment form.
  • Change the Certificate Term to 3 years and fill out the rest of the form.
    • Remember your password/passcode for the certificate, as this will be used for installing it.
  • Select Submit to complete the form.
    • In some cases, you may receive an error saying, "Access to CA is denied". If so, please email infosecurity@utdallas.edu indicating the error for assistance with your account.
  • On the final screen, click Download and save the file (if you were not asked where to save the certificate, it is most likely in your “Downloads” folder as a ".p12" file-type).

Option to download selected certificate.

Note: After you have saved your certificate-file, copy it to another safe location, e.g. your H-drive or your CometSpace (Box) folder. This will make it easy to restore if you get a new PC, have Windows reinstalled, etc.
  • Next, you will need to Install Your Digital Certificate.

Installing the Digital Certificate

Installing / Publishing Digital Certificate on Windows / Microsoft Outlook

  • Open the directory in which you saved your certificate file.
  • Double-click on the certificate.
    • This should launch the Certificate Import Wizard.
  • When the wizard launches, the Current User option should be selected by default. If not, select it and click Next.

Certificate Import Wizard homescreen.

  • Enter the name of the file you want to import or click on Browse… to select it from your device and click Next.

File to be imported in the Certificate Import Wizard.

  • Click Next on the screen until prompted to enter your password for the private key.

    • Enter the password you set when you originally requested your certificate.
    • Check() the Mark this key as exportable box.
    • Check() the Include all extended properties box.

Private key protection and password screen.

  • Click Next.
  • Select a location for the certificate to be saved on your device and click Next.

Location selection for downloading the digital certificate.

  • Click Finish.
  • If you are using your certificate to sign a document, you are done. If you are using the certificate to sign an email, you will first need to Publish Your Certificate to the Global Address List.
Note: Move on to step #3 only if you are using certificate for email signing; it is not necessary for document signing.

Publishing Your Certificate to the Global Address List After Installing

  • Open Outlook and click File > Options > Trust Center.
  • Select Trust Center Settings... at the right.

Trust Center Settings screen.

  • Click Email Security in the left pane.
  • Under the "Digital IDs (Certificates)" section, click the Publish to GAL... button.
  • If the Publish to GAL... button is unavailable, or if you are trying to do this process on an operating system outside of Windows, click here to use our publish tool instead. If you choose to use the publishing tool, simply upload the certificate file along with the password.
  • Click OK.

Publishing the certificate to the Global Address List after installation.

Details

Article ID: 29
Created
Mon 11/22/21 12:36 PM
Modified
Thu 11/30/23 3:21 PM

Related Services / Offerings (1)

Email Encryption allows users to send encrypted emails to people inside or outside the organization. To view encrypted messages, recipients will receive a one-time passcode (guests), or UTD students, staff, and faculty can log in with their UTD credentials.