Google Apps sync for Microsoft Outlook and SMIME signing

To quote Bart Simpson “Mom it’s broken, Mom it’s broken” 

Using Outlook 2010 with the Google Apps Sync – if you want to digitally sign your email with an SMIME (SSL) certificate, you can choose which way to break things for recipients.

If you un-check the ‘send clear text signed message when sending signed messages’

smimefail

Things work for folks reading your mail in Outlook 2010

smimeright

But are busted if read in webmail clients (Hotmail, Gmail, etc).  Recipient gets an attachment – but body of email is blank.

Option #2 – send as clear text.  In this situation your plain text body is readable by everyone.  But SMIME compatible mail clients (Outlook 2010, Thunderbird to name a couple) will not correctly parse and verify your signature – instead the recipient sees this .p7s attachment that is of little use to a human

plaintextfail

Seems we are not alone with this complain about the Google Apps Sync for Microsoft Outlook:

Support for sending emails signed using s/mime

Is it possible to use certifications to sign or encrypt mail using google apps sync for outlook?  (This seems to imply that the problem was fixed and recurred as a regression bug)

It attache a smime.p7s file when i send a digital signed mail over google apps sync for outlook

The only work-around I found was to install the GAS normally, then inside of Outlook create a second mail account using POP/SMTP.  Preferably POP server is working, but has no mail for you (lest you pull a second copy of your mail into Outlook into a PST separate from the ‘normal’ Google inbox).  Hazzah! I have the perfect candidate – our previous mail server

popOCS

Mail sent over SMTP from Outlook 2010 with SMIME to gmail works! (as long as you check the ‘send clear text’ box in Outlook’s Trust Center/Email security).

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply