To send S/MIME encrypted email messages to a user managed by Encryption Management Server, you need to obtain the user's public S/MIME certificate.
If your organization also uses Encryption Management Server, the two Encryption Management Servers can perform key lookups on each other. Encryption Desktop Email can also be used to lookup keys on the remote Encryption Management Server.
If your organization does not use Encryption Management Server and you do not use Encryption Desktop Email then Microsoft Outlook can be used but some configuration is required.
Microsoft Outlook can find and download S/MIME certificates for users managed by Encryption Management Server. This is possible by adding the remote Encryption Management Server as an LDAP Address Book in Microsoft Outlook.
The following requirements apply:
To add an LDAP address book in Microsoft Outlook 2013, please follow the following steps. Also please see the Microsoft article Add or remove an address book. The steps are almost identical in all versions of Outlook:
To use the new LDAP address book to send an S/MIME encrypted message, do the following:
Outlook will look in the local Contacts address book by default and the local Contacts address book can store far more information for each contact than just their name and email address. To copy an Encryption Management Server user from the LDAP address book to the local Contact address book, follow the above steps and after step 6 do the following:
Users managed by Encryption Management Server can only send S/MIME encrypted messages if the Outlook user is an External User and their public S/MIME certificate has been imported into Encryption Management Server. The easiest method of doing this is to configure the Outlook user as a Web Email Protection user. They can then upload their public S/MIME certificate themselves (see above).