Exostar LDAP Proxy/Secure Email Setup Guide
September 2017
Copyright 2017 Exostar, LLC All rights reserved.

Table of Contents

Email Encryption Set-up Outlook 2003
    Digitally Signing an Email
Email Encryption Set-Up Outlook 2007
    Digitally Signing an Email
Email Encryption Set-Up Outlook 2010
    Digitally Signing and Encrypting an Email
Email Encryption Set-Up Outlook 2013
    Digitally Signing and Encrypting an Email
Certificate Discovery-Outlook 2003
Certificate Discovery Outlook 2007
Certificate Discovery Outlook 2013
Boeing Certificate Download

This document provides information on the following topics:

- Email Encryption set-up Outlook 2003
- Email Encryption set-up Outlook 2007
- Email Encryption set-up Outlook 2010
- Email Encryption set-up Outlook 2013
- Certificate Discovery Outlook 2003
- Certificate Discovery Outlook 2007
- Certificate Discovery Outlook 2010
- Certificate Discovery Outlook 2013
- Boeing Certificate Download

Please note the following:

1. It is recommended that both Email Encryption set-up and Certificate Discovery steps are completed to enable users of Exostar's LDAP Proxy / Secure Email services.
2. Certificate Discovery requires connection to Exostar's LDAP Proxy Service via port 389. This may require additional configuration by your IT infrastructure groups depending on local policy & controls.
3. For Lotus Notes and Mozilla Thunderbird, contact Exostar Customer Support. You will need to provide Customer Support with your email client version.

Email Encryption Set-Up Outlook 2003

1. Open Outlook 2003.
2. Select Tools.
3. Select Options from the drop down menu.
4. From the dialog box, select the Security tab.
5. Enter a name for your security setting into the Security Settings Name box.
6. Ensure S/MIME is selected on the Secure Message Format box.
7. Check the Default Security Setting for this Secure Message Format.
8. In the Certificates and Algorithms section, click the Choose button in the Signing Certificate Section.
9. Select your Secure Email Certificate from the Select Certificate dialog box.
10. Outlook should automatically choose the same Secure Email Certificate as your Signing Certificate for the email Encryption Certificate. If not, click the Choose button in the Encryption Certificate and select your Secure Email Certificate from the Select Certificate dialog box.
11. Ensure Send These Certificates with Signed Messages is selected.
12. Click OK to return to Options dialog box.
13. Click OK to return to Outlook.

Digitally Signing an Email

1. Compose your email and attach files (as you normally would).
2. Click Sign.
3. Click Send.

Follow the instructions in the Certificate Discovery Outlook 2003 section if you receive an error message. You may want to configure LDAP Proxy settings to enable certificate discovery.

Email Encryption Set-Up Outlook 2007

1. Open Outlook 2007.
2. Select Tools/Trust Center from menu.
3. From the left navigation, select Email Security.
4. To send encrypted or digitally signed email, select Add digital signature to outgoing messages, Send clear text signed message when sending signed messages and Encrypt contents and attachments for outgoing messages to send an encrypted email by default.
5. Under default setting, select Outgoing email.
6. Click on Settings.
7. You may see that your signing certificate is already selected (for digitally signing the email). To ensure that correct certificates are used, click Choose and select the appropriate certificate. Make sure that the hash algorithm is SHA1.
8. For Encryption certificates, follow step #6 and ensure that the encryption algorithm selected is 3DES.
9. Click OK.

Digitally Signing an Email

1. Compose your email and attach files (as you normally would).
2. Click Sign.
3. Click Send.

Follow the instructions in the Certificate discovery Outlook 2007 section if you receive an error message. You may want to configure LDAP Proxy settings to enable certificate discovery.

Email Encryption Set-Up Outlook 2010

1. Open Outlook 2010.
2. From the top left, select the File tab.
3. Select Options from the left navigation.
4. Select Trust Center.
5. Click on Trust Center Settings.
6. Select E-mail Security.
7. To send encrypted or digitally signed email, select Encrypt contents and attachments for outgoing messages, Add digital signature to outgoing messages and Send clear text signed message when sending signed messages to send an encrypted email.
8. Under Default Setting, select My S/MIME Settings (username).
9. Click on Settings button.
10. You may see that your signing certificate is already selected (for digitally signing the email). To ensure that correct certificates are used, click Choose and select the appropriate certificate. Make sure that the hash algorithm is SHA1.
11. For Encryption certificates, follow step #9 and ensure that the encryption algorithm selected is 3DES.
12. Click OK.

Digitally Signing and Encrypting an Email

1. Compose your email and attach files (as you normally would).
2. Click the Options tab.
3. In the options ribbon marked Permission, click on either the Encrypt icon to encrypt the message, the Sign icon to digitally sign the message or both if you choose.
4. Sending an encrypted email requires the recipient's public encryption key (Digital Certificate). MS Outlook will need to be configured for certificate discovery or users will need to exchange digitally signed email first to exchange public encryption keys.
5. Click Send.

Follow the instructions in the Certificate discovery Outlook 2010 section if you receive an error message. You may want to configure LDAP Proxy settings to enable certificate discovery.

Email Encryption Set-Up Outlook 2013

1. Open Outlook 2013.
2. From the top left, select File tab.
3. Select Options from the left navigation.
4. Select Trust Center.
5. Click on Trust Center Settings button.
6. Select E-mail Security.
7. Click on Settings.
8. You may see that your signing certificate is already selected (for digitally signing the email). To ensure that correct certificates are used, click Choose and select the appropriate certificate. Make sure that the hash algorithm is SHA1.
9. For Encryption certificates, follow step #7 and ensure that the Encryption algorithm selected is 3DES.
10. Click OK.
11. To send encrypted or digitally signed email, select Encrypt contents and attachments for outgoing messages, Add digital signature to outgoing messages and Send clear text signed message when sending signed messages to send an encrypted email.
12. Under Default Setting, select My S/MIME Settings (username).
13. Click OK.
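
The set-up sections above each ask you to click Choose and select the appropriate certificate. The PowerShell below is an added example, not part of Exostar's guide: it lists the certificates in the current user's Personal store that have a private key, are inside their validity period and carry the Secure Email extended key usage, so the right entry is easy to recognise in the Choose dialog. The function name Get-SmimeCandidate is hypothetical, and the filter assumes the certificate lists Secure Email explicitly.

```powershell
# Added example, not from the Exostar guide. Windows PowerShell.
# Get-SmimeCandidate is a hypothetical helper name.
$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # "Secure Email" extended key usage

function Get-SmimeCandidate {
    param([string]$StorePath = 'Cert:\CurrentUser\My')

    $flags = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
    $now   = Get-Date

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Signing and decryption both need the private key on this machine.
        if (-not $cert.HasPrivateKey) { continue }
        # Skip certificates that are not yet valid or have expired.
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) { continue }

        $ekuOids  = @()
        $keyUsage = $null
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                $ekuOids = @($ext.EnhancedKeyUsages | ForEach-Object { $_.Value })
            }
            elseif ($ext -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension]) {
                $keyUsage = $ext.KeyUsages
            }
        }

        # Assumption: only certificates that explicitly list Secure Email are
        # reported; a certificate with no EKU extension at all is skipped.
        if ($ekuOids -notcontains $SecureEmailOid) { continue }

        # A missing key-usage extension places no restriction on the key.
        $canSign    = ($null -eq $keyUsage) -or $keyUsage.HasFlag($flags::DigitalSignature)
        $canEncrypt = ($null -eq $keyUsage) -or $keyUsage.HasFlag($flags::KeyEncipherment) -or
                      $keyUsage.HasFlag($flags::KeyAgreement)

        [pscustomobject]@{
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            CanSign    = $canSign
            CanEncrypt = $canEncrypt
            SignedWith = $cert.SignatureAlgorithm.FriendlyName
        }
    }
}

Get-SmimeCandidate | Format-Table -AutoSize
```

An empty result means no certificate in the store meets all three conditions, which is worth confirming before working through the Outlook dialogs.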

Digitally Signing and Encrypting an Email

1. Compose your email and attach files (as you normally would).
2. Click the Options tab at the top.
3. In the options ribbon marked Permission, click on either the Encrypt icon to encrypt the message, the Sign icon to digitally sign the message or both if you choose.
4. Sending an encrypted email requires the recipient's public encryption key (Digital Certificate). MS Outlook will need to be configured for certificate discovery or users will need to exchange digitally signed email first to exchange public encryption keys.
5. Click Send.

Follow the instructions in the Certificate discovery Outlook 2013 section if you receive an error message. You may want to configure LDAP Proxy settings to enable certificate discovery.

Certificate Discovery-Outlook 2003

1. Open Microsoft Outlook.
2. Select Tools then Email Accounts.
3. Select Add a new directory or address book and click Next.
4. Select Internet Directory Service and click Next.
5. Enter the encryption certificate lookup service's fully qualified domain name, which is ldapproxy.exostar.com.
6. For the changes to take effect, restart Microsoft Outlook.

Certificate Discovery Outlook 2007

1. Open Microsoft Outlook.
2. Select Tools, Account Settings then Address Book.
3. Select Internet Directory Service (LDAP).
4. Click Next.
5. Enter ldapproxy.exostar.com in the Server Name field.
6. Click More Settings.
7. You will receive a notification to close Microsoft Outlook to activate the new settings. Click OK.
8. You will receive a Congratulations message. Click Finish and close Microsoft Outlook.
9. Restart Microsoft Outlook to send encrypted email.

Certificate Discovery Outlook 2010

1. Open Microsoft Outlook.
2. From the top left, select the File tab.
3. Select the Account Settings icon. Click on Account Settings.
4. Select the Address Book tab.
5. From the left side, select the New icon.
6. Select Internet Directory Service (LDAP). Click Next.
7. Enter ldapproxy.exostar.com in the Server Name field.
8. Click on More Settings.
9. You will receive a notification to restart Microsoft Outlook to activate the new settings. Click OK.
10. You will receive a pop-up notification. Click OK.
11. Click Next.
12. You will receive a Congratulations notification. Click Finish and close Microsoft Outlook.
13. Restart Microsoft Outlook to send encrypted email.

Certificate Discovery Outlook 2013

1. Open Microsoft Outlook.
2. From the top left, select the File tab.
3. Select the Account Settings icon. Click Account Settings.
4. Select the Address Book tab.
5. From the left side, select the New icon.
6. Select Internet Directory Service (LDAP). Click Next.
7. Click Next.
8. Enter ldapproxy.exostar.com in the Server Name field. Click on More Settings.
9. You will receive a notification to restart Microsoft Outlook to activate the new settings. Click OK.
10. You will receive a pop-up notification. Click OK.
11. Click Next.
12. Click Finish.
13. The Account Settings window will display ldapproxy.exostar.com.
14. Click on Close and restart Outlook to send an encrypted email.

Boeing Certificate Download

If you do business with Boeing and have downloaded the certificates for exchanging encrypted emails for the B2B project, follow the steps below for additional configuration.

1. Go to http://www.boeing.com/crl/.
2. Select the Secure Messaging.crt and The Boeing Company Root Certificate Authority.crt certificates.
3. Click each certificate under the Authority Information section.
4. Select Open.
5. Click Install Certificate (accept all defaults).
6. Click Next, Next again and Finish.
7. Select OK to close the dialog box that states the import was successful.