Getting S/Mime Encryption to Work on Internet Explorer with OWA

Connie Xu
3 min readMar 18, 2021

--

For some reason, S/Mime encryption is sometimes finnicky. The other day, I was helping my friend try to debug his problem on why his s/mime on internet explorer was not working when he was using the outlook online application. I decided to publish what we found to work for us here so that others may not have to struggle to find the answer.

First, the issue we encountered was on Internet Explorer on Windows 10 when using Outlook WebApp (OWA). After going to settings > mail > s/mime, he had the ability to sign and encrypt emails, but could no longer send emails at all after turning this on. He had his digital ID (or certificate) on his computer and knew that the issue was not with the digital signature/ID.

First, I would like to give credit to this forum post, as this fixed our problem.

  1. Open internet explorer
  2. Go to the gear icon on the top right corner of internet explorer. A drop down menu should appear.
  3. Scroll down to Safety and ensure that ActiveX Filtering is not turned on. If it is on, there will be a check next to it. If you click on ActiveX Filtering, the drop down menu will disappear and you can then check to see if there is a check next to it. Make sure that the check is not there.
  4. Click on the gear icon again and then scroll down to Internet Options. A pop-out menu should appear. On this pop-out menu, you should see General, Security, Privacy, Content, Connections, Programs, and Advanced.
  5. Click on Security.
  6. In the Security tab, you should see a Trusted Sites setting. Click on Trusted Sites and then below should be a tab that says “Sites”. Click Sites.
  7. Add the URL of your Outlook WebApp site to your trusted sites list. For example: https://outlook.office.com/mail/inbox
  8. After adding it by pressing Add, press close and then navigate to your OWA site.
  9. At the top of the site, you should see a circle with a diagonal line through it. If you do not see this circle, close out of your browser and go back in.
  10. Once you see that circle, click on it and click Turn Off ActiveX Filtering. Doing so will give let you use s/mime.
  11. The next step is to check whether S/Mime is installed. To verify this, go to OWA Options (usually on top right corner of site) > See All Options > Settings > S/Mime. In my case, s/mime had to reinstall and so we reinstalled by saving it and then running it. This was quick and we did not realize we reinstalled it. If you reinstall, close out of your browser and renavigate back to the OWA site after opening it again. You can verify that it is installed by nagivating back to the S/Mime tab and seeing the two checkboxes.

For these all to be able to work, you just close out of your browser and go back in. On the forum post, there are other things you may have to do if it does not work still after performing these steps. I hope this helps and I hope this saves you a lot of frustration if this happens to you.

--

--

Connie Xu

Software engineer @ Big Tech. Exploring tech, financial freedom, and everything in between.