Öffnet in neuem Fenster Opens in a new window Öffnet externe Seite Opens an external site Öffnet externe Seite in neuem Fenster Opens an external site in a new window

Using a certificate of your external partner to exchange encrypted e-mail

If you want to send an encrypted message to your e-mail partner, you need their public key. But how do you get it?

The public keys of HZB e-mail address owners are stored in the Active Directoy service, provided that the key owner agreed to the publication when applying for a certificate.


Outlook finds them directly there, so that encrypted e-mails can be exchanged with partners within the HZB without any problems.



Thunderbird, on the other hand, uses its own certificate store. Here, however, it is sufficient to first exchange a digitally signed e-mail. Thunderbird automatically stores the public key of a received e-mail so that it can be used immediately afterwards to encrypt the e-mail correspondence without you having to do anything extra. This applies equally to HZB internal and external e-mail partners.



It is different with Outlook with external e-mail partners. While you can reply immediately to an e-mail from an e-mail partner, even encrypted, Outlook does not automatically save the public key. If you later compose a new e-mail to your e-mail partner, Outlook does not know the public key required for encryption.

Therefore you have to extract the key once manually from a signed e-mail of your partner and add it to his Outlook contact. Unfortunately, this can only be done by saving it to a file and then importing it.

Open a digitally signed e-mail of your mail partner and click on the red signature icon. A new window will pop up with information about the validity of your e-mail partner's certificate. Click the "Details..." button here.


In the window that opens, select the bottom line with the e-mail address and click "Show details...". This will open another window with the certificate properties. In the "Details" tab, click the "Copy to file..." button and use the wizard to save the certificate with your partner's public key to a file. You can close the windows afterwards.

In the next step you can add the certificate to the Outlook contact. If you don't have your e-mail partner in your Outlook contacts yet, create one first, e.g. by right-clicking on his address -> "Add to Outlook Contacts" or directly via the Contacts panel at the bottom left of the Outlook window.

Now open the e-mail partner's contact and select "Certificates" in the "View" section of the ribbon. You may need to drag the window wider to see this item.

Use the "Import..." button on the right edge of the window to select the certificate file saved in the previous step.

You will now see the imported certificate. Do not forget to save the just imported certificate with the contact. To do this, you will find the "Save & close" button in the upper left corner.

Now you can also send encrypted e-mails to your external e-mail partner with Outlook.