From Office and Windows to Xbox and Skype, one username and password connects you to the files, photos, people, and content you care about most. Email and calendar together. All you need to be your most productive and connected self—at home, on the go, and everywhere in between. Your Microsoft account comes with 5GB of storage. Meet Outlook for Android, the app that helps millions of users connect all their email accounts, calendars and files in one convenient place. Newly redesigned, Outlook for Android lets you do more from one powerful inbox. See what matters most first with the Focused inbox that keeps the important messages on top. Switch between your emails and calendar to schedule your next meeting or share. Microsoft's frequent changes may cause issues with the email you receive on your Android phone. Jack Wallen offers a reader advice about such a problem. Email and untrusted server certificate. Oct 23, 2019 The Microsoft Windows HTTP Services (WinHTTP) Certificate Configuration Tool, WinHttpCertCfg.exe, enables administrators to install and configure client certificates in any certificate store that can be accessed by the Internet Server Web Application Manager (IWAM) account.
Expand your Outlook. We've developed a suite of premium Outlook features for people with advanced email and calendar needs. An Office 365 subscription offers an ad-free interface, custom domains, enhanced security options, the full desktop version of Office, and 1 TB of cloud storage. Add your Outlook.com, Office 365, Exchange-based email, or IMAP or POP email account to your Android phone or tablet using the built-in Android Email app. By using this site you agree to the use of cookies for analytics, personalized content and ads.
- Apply your certificate
Before you begin
You can use S/MIME certificates, also called 'S/MIME Certs' or 'Personal Certificates', with most email clients to digitally sign and/or encrypt email messages. At Indiana University, S/MIME certificates are provided by the InCommon Certificate Service. For instructions on getting a certificate, see Get an S/MIME certificate for digital email signatures at IU.
When you receive your certificate from InCommon, it will be encrypted in the PKCS 12 format (.p12
or .pfx
), using the strong passphrase ('PIN') you created for it at the time of request. You will need this passphrase to install the certificate.
Also, for details about potential issues with various devices and applications when using digital signatures, be sure to refer to Known issues with digitally signed email at IU.
- To use S/MIME certificates on an Android device, you must be running Android OS 4.4 or later; still, your device may not support S/MIME certificates. You may wish to use a paid app such as Nine, available from the Google Play Store.
- You need to set a lock screen PIN or password on your Android device before you can use credential storage; for instructions, see the Setting or changing a screen lock pattern, PIN, or password section of Secure your Android OS device.
- To use these instructions, you must have an InCommon certificate file (in
.p12
or.pfx
format) saved to your personal computer and remember the PIN you used to encrypt it (as described in Getting an S/MIME certificate at IU). If you are unable to locate the certificate file on your computer, you can use a certificate management application to export it; refer to the following instructions for Windows or macOS systems:
View a video about using digital signatures on Android devices.
Install your certificate
On Android devices, the following standard security notification may appear occasionally after installing new root certificates:
'A third party is capable of monitoring your network activity, including emails, apps, and secure websites. A trusted credential installed on your device is making this possible.'
Option 1: Email the certificate files to yourself
- From your computer, send yourself an email message with your
certificate.p12
orcertificate.pfx
file as an attachment. - On your Android device, open the email message and tap the attached file to start the installation.
- Enter the PIN you used to encrypt the certificate file, and then tap OK.
- When prompted for a certificate name, enter a name to use as a label for your certificate, for example
username@iu.edu
. - Next to 'Credential use', make sure VPN and apps is selected.
- You should be prompted to finish installing the certificate by tapping OK or some other means.
When you are finished, your InCommon certificate should be listed among the trusted credentials in your device's security settings (on the Users tab at Settings > Security > Credential storage > Trusted credentials).
Option 2: Download the certificate files
If you tried installing the inCommon certificate by emailing the files to yourself and the InCommon certificate does not appear in your device's security settings, do the following:
- On your device's web browser, go to the sites below and install both certificates; the process is the same for each:
- On the 'Install Profile' screen, you will see the 'Verified' certificate file to install. Tap Install.
- If you have a fingerprint scan or passcode, use it to verify and proceed. Your device may alert you that installing the profile changes settings on your device. Tap Install when you're given the option.
- Tap Done.
Apply your certificate
To configure your device's mail app to digitally sign outgoing IU Exchange email using your certificate, try one of the following sets of instructions. You may need to modify slightly, depending on your device and version of Android.
Option 1
- In your email app, tap the Menu (usually three bars on the top left).
- Choose Settings (the cog wheel).
- Select your email account.
- Scroll down and tap Security options.
- Choose Email signing cert.
- Typically the cert (which you obtained by sending via email) will display. Tap Allow (not Install).On some Android devices, you may need to tap Install again (even if you've already installed the certificate), and then tap Allow.
- If you wish to sign all messages, select Sign all outgoing messages. You can instead do this on a message-by-message basis, if you wish.
- Tap Done, and use your back arrow to get back to your Inbox.
Option 2
- Access the 'Security settings' screen for your account:
- On your device, open Settings, select Accounts, and then select the icon for the email app that's associated with your IU Exchange account.
- Select Account settings, and then select your IU Exchange account (which should be displayed below General settings).
- Scroll down to the 'Server settings' section, and then select Security settings.
- On the 'Security settings' screen:
- Select Certificates to open the 'Choose certificate' screen, make sure the InCommon certificate you imported is selected, and then select Allow.On some Android devices, you may need to tap Install again (even if you've already installed the certificate), and then tap Allow.
- Under 'Digital signature settings', check the Default digital signature box to digitally sign all IU Exchange mail sent from your Android device. You can instead do this on a message-by-message basis, if you wish.
- Select Certificates to open the 'Choose certificate' screen, make sure the InCommon certificate you imported is selected, and then select Allow.
Digitally sign mail on a message-by-message basis
If you don't wish to digitally sign all your outgoing messages, you can do so on a message-by-message basis:
- Open a new message.
- In the upper right, tap the Settings menu (often three dots).
- Tap Security options, and the option to sign or remove signing from that message should be a radio button.
Configure optional encryption settings
Optionally, you can configure your device's mail app to encrypt outgoing IU Exchange mail using your certificate. Android's default encryption setting will attempt to encrypt all mail sent from your account. If you do not have the public certificate belonging to the person to whom you are sending mail, that message will not be encrypted.
To enable encryption:
- If necessary, follow the steps in the previous section to return to the appropriate 'Security settings' screen.
- Under 'Encryption settings', check the Default encryption box.
Use a group account certificate
Apps For Microsoft Phone
To use an S/MIME certificate with a group account, install and enable the certificate as you would for a standard account.
- If the profile you are using in your email client is the group account, there should be no issues.
- If the profile you are using in your email client is your personal account and you want to send email from the group account, in your email message, open the 'From' field and enter the group account address. If your personal account has 'send as' rights for the group account, there should be no issues. If you are unsure whether you have 'send as' rights, contact your IT Pro.
- Authentication Certificates
Microsoft Live Email Certificate Download For Android Phones
This document explains how you can import your CPAC/Email onto Android devices.
Background notes
The native Android mail client does not support signing or encryption of emails. Signing and encryption is, however, supported by some 3rd party apps and by some manufacturer-specific mail clients such as the one found on Samsung Galaxy devices. For help in this area, see List of SMIME compatible Android clients and Android – Djigzo app. We will add more documents as support grows for SMIME on Android.
If you originally downloaded your certificate to your desktop or laptop then you first need to export it using one of the browsers listed on the CPAC main page. When doing this, please make sure you export the private key and include all certificates in the certificate path if possible. You must also specify a strong password to protect the certificate file.
Once exported from your computer, you need to transfer it to your Android device (for example, copy to a USB drive or upload then download from online storage or email it to your device). The example in this document shows installation of a certificate that has been transferred to an SD card.
Import your certificate to Android:
Tap Settings > Security. Under 'Credential Storage' select 'Install from SD card'.
Enter the password you set up for the certificate when it was exported and click 'OK'.
In the 'Name the certificate' screen, enter a friendly name to identify the certificate and tap OK.
If you have not yet set a passcode or pattern to lock your home screen then you will be prompted to do so before proceeding. This is required before you can install your certificate and will be requested in future to access the Android certificate store (Settings > Trusted Credentials). If you have already set a screen passcode this step will be skipped and the certificate will be installed.
Click OK. The Certificate will be installed.
You can confirm tcertificate installation by viewing the User Certificates under Trusted Credentials.
Open the Settings panel and tap Security > Trusted Credentials
Tap the User tab. You will see the list of user authentication certificates installed on your Android device.
Contact us for consultation on your security needs.