S/MIME ANd TouchDown for MAC

Hi everyone and welcome to Spring!  Today we have the last installment of our S/MIME series – today Dragonfly is going to talk about Mac.

 

Dragonfly from Nitrodesk support here. In this tutorial, I’m going to be showing how to import certificates for S/MIME in Touchdown for Mac, and how to send signed and encrypted messages. For this tutorial, make sure you have a valid certificate ready- if you’re not sure how to get one, contact your IT team. In this demo, I have my certificate already on my hard drive. (If you’re curious about more information on how S/MIME works, read the first blog post here: http://blog.nitrodesk.com/2014/02/21/securing-your-email-with-smime/)

Note: Also, one major pitfall is to be aware of what profile’s settings you are entering- as you can see in the below screenshot, I have four profiles in this Touchdown installation, so it’s important that I note which one I’m on. If you are trying to set up a certificate for one profile, but are in another profile’s settings, it obviously won’t work.

For the first step, you’re going to need to import your certificate into Touchdown.
Go into settings, and under email settings>Certificates.

The certificates screen:

Click import

The import certificate screen:

Adding a certificate from the desktop- I just happened to save mine here:

Once you find it, hit Open.

Entering the certificate password and choosing what it will be used for. In this case, I want to use it for signing and encryption:

Once done, hit ‘Import.’

Once you do that, you should see the certificate on the list of Certificates on the Settings>email settings>Certificates. Now, let’s send an encrypted email to the welovenitrodesk account. Before we do that, they will need our public key, but for the sake of simplicity, let’s assume they already have that. (I sent them a signed message earlier, and they validated, so they have it.) I’ll also need their public key as well. To get their public key, I have welovenitrodesk send me a signed message.

Welovenitrodesk’s signed message:

In this message, you can see the little signing icon meaning they’ve sent me a signed message, so I go and click on the little sign symbol. After clicking validate, and it shows up as valid, I click Import, and it gives me the message that it has been validated:

 

 

I want to make sure it’s still valid, so I click ‘validate’ then once it shows up as validated, I click import. Now that I have welovenitrodesk’s public key, I can send them encrypted mail once they have my public key.

Sending an encrypted and signed message to welovenitrodesk:

On the email compose screen, I hit the lock icon, and check the options to sign and encrypt the message, hit Ok, and send it out.

Back in Touchdown for iOS, I get the encrypted email:

Hope this has been a helpful tutorial in using Touchdown for Mac’s S/MIME functionality. If you have any questions or comments, feel free to get in touch with us at macsupport@nitrodesk.com. Thanks for reading!

-Dragonfly

Securing your Email with S/MIME

Today we start an awesome mini-series from one of our support gurus, DragonFly, about how S/MIME works in general, with following tutorials on how to implement S/MIME in TouchDown on iOS, Android and Mac platforms.  Check out today’s tutorial on iOS!

Hi,

Dragonfly from NitroDesk support here. In the following, today I’ll be describing how to import and use S/MIME in Touchdown for iOS. Using this functionality you can sign messages, proving that you are the person sending that particular message, and optionally encrypt them, meaning the email will only be readable by people who you have included in the message. Signing provides you with non-repudiation and potentially detect tampering on the fly and encryption prevents unauthorized viewing of the message. This type of functionality is great for keeping your emails safe and ensuring that information’s coming from the right source. (For more information on how S/MIME works, here’s a good tutorial: http://technet.microsoft.com/en-us/library/aa995740%28v=exchg.65%29.aspx) Just know that to send an encrypted email, you need to have the recipient’s public key and vice versa- these can be verified from within Touchdown when that person sends you a signed message. Here’s what you’ll need before you get started:

First, you’ll need a certificate for S/MIME signing and the latest version of Touchdown. To get a certificate for S/MIME, you’ll want to contact your IT team. Also, keep in mind the only two certificate types Touchdown supports is .pfx and .p12. The certificate would need to include the complete chain to the root certificate authority.

If you have your certificate already in IE, but need to export it to your desktop,Here’s how (in IE):

1. Go into the Settings>Internet Options, and clicking on the Content tab.

2. Click on Certificates, and find the one you want to export

3. Click Export. Make sure you choose the option to export the private key and also to include all certificates in the certification path.

4. Choose a file path, and save it.

5. Don’t forget to  remember the password you use to perform the export. This password prevents anyone else from being able to access the certificate. If you’re having difficulty with this process, contact your IT team and see if there’s another way you should be doing it. As with any operations like this, make sure you are staying within your IT team’s best practices so you stay in alignment with any security policies.

6. Once you have your certificate backed up to a file, send that file to your email as an attachment, and you’re ready to go.

Let’s start with the iOS version.

S/MIME for iOS

In this demo, I show how to send an encrypted email to the ‘welovenitrodesk’ account.

First, I want to ensure that I have my certificate for S/MIME, so I find the email with the attached certificate, and view it in the attachment list.

The attached certificate, note the file type is .pfx. 

After downloading, I click the ‘I’ icon and choose to ‘Import for both.’

Choose Import for Both.

A password prompt appears.

Enter your certificate password here that was created when you generated the certificate. 

After entering the correct password (This is set up during certificate exporting from your browser, for help with this  please contact your IT team) it will tell you your certificate has been saved.

Saved certificate message. 

Now that I have a certificate, I’m ready to send the account  welovenitrodesk an encrypted message:

I click on the tools/options icon and enable Encryption and signing.

Tools icon to enable encryption signing.

Enable signing and encryption for the email.

I send the email. If you suddenly see this message (see below), it means you didn’t validate the recipient’s public certificate key from a signed message. (This can also be done over the GAL if your company supports it.) Remember how I said earlier that to send an encrypted email, you need the recipient’s public key? Now I just need to fetch it. Thankfully, a while back welovenitrodesk sent me a signed message, which contains the key.

Oops!

I find the email where welovenitrodesk sent me the key, and click on the lock icon.

Welovenitrodesk sent me a signed message.

I click ‘verify signature’ and it verifies.

Now I can send that encrypted message!

The second time, I attempt to send the encrypted message again. This time it comes through.

Back in welovenitrodesk, after having imported the public certificate and the welovenitrodesk certificate, I check the encrypted message, and am able to successfully decrypt it.

The signed and encrypted email.

Clicking on the lock icon, I can confirm that it is indeed signed and encrypted.

Hope this helps you get a better understanding on how to use S/MIME functionality with Touchdown for  iOS. If you have any questions, please feel free to contact us at  iossupport@nitrodesk.com for any iOS queries. Be sure to check in on Monday for Part II, SMIME for Android. Thanks for reading!