Installing a user certificate on Windows

MYCERT 10-020

Important information

You need a user certificate in order to sign invoices correctly in the internal university portal (HIP). You do not need a certificate for any other applications in HIP.

What you need to know

A user certificate can be installed directly in Windows. With this procedure, the certificate is automatically imported into Outlook, Microsoft Edge, Google Chrome, the current version of Firefox, or other browsers that use the system certificate store.

What you have to do

  1. (If you haven't already done so) open Windows Explorer, navigate to the directory you created for your certificate file.

    Then double-click on the downloaded certificate file.

    • The name of your certificate file may differ from the one shown in Figure 1.1, depending on the name you specified when saving it.

    • The Certificate Import Wizard will start.

    • 1.1
    • 1.2

  2. Leave the default storage location set to “Current user” and then click the “Next” button.

    • The file to be imported will be displayed.

    • 2.1
    • 2.2

  3. Confirm your selection by clicking “Next”.

    • The import options will be displayed.

    • 3.1
    • 3.2

  4. Now enter the password you specified earlier (during the certificate request), check the box next to “Mark key as exportable. This allows you to back up or transfer your key at a later date” and confirm by clicking the “Next” button.

    • The options for the certificate store will be displayed.

    • 4.1
    • 4.2

  5. The selection is set to “Automatically select certificate store (based on certificate type)”. Leave this setting as it is and click the “Next” button again.

    • The final view, “Finish the wizard,” is displayed.

    • 5.1

  6. Click the “Finish” button and confirm the security warning with “Yes.”

    • You will receive a message informing you that the import process was successful.

    • 6.1
    • 6.2
    • 6.3

  7. Now you need to configure the settings for using the certificate in Outlook. To do this, open Outlook and select “Options” from the “File” menu.

    • The “Outlook Options” window will appear.

    • If you use Thunderbird, please follow the instructions on the help card Importing the user certificate into Thunderbird (MYCERT 10-030).

  8. Select the last menu item, “Trust Center,” and then click the “Trust Center Settings...” button.

    • The Trust Center settings will be displayed.

    • 8.1
      Enlarge image
      Outlook options

      Further settings are configured in the Trust Center.

  9. Select “Email Security” from the Trust Center menu. Then click the ‘Settings’ button under “Encrypted email messages.”

  10. Now change the two encryption algorithms and confirm the certificate settings with “OK.”

    • The selected MIME setting is set as the default.

    • Change the hash and encryption algorithms as shown in Figure 10.2.

    • If the certificate is not available, restart your system and try again.

    • 10.1
    • 10.2
      Enlarge image
      Change the encryption algorithms

      Change the hash and encryption algorithm using the illustration.

  11. Now, under “Encrypted email messages,” check the box next to “Add digital signature to outgoing messages” and save the settings by clicking “OK” twice (this closes the options).

    • The use of encrypted messages has now been successfully set up in Outlook.

    • 11.1
      Enlarge image
      Email security

      Outgoing messages should use the digital signature

Problems or questions?