Basic Level of Assurance (BLOA) Secure Email

Step 1. Purchase

The BLOA Secure Email product includes three digital certificates: authentication, digital signature, and encryption. These certificates support login to Exostar’s Managed Access Gateway (MAG) and connected customer applications, digital signature and encryption.

To complete your purchase:
1. Access Exostar’s web store and select the purchase now link located next to Basic Level of Assurance (BLOA) – Secure Email
2. Select one of the Buy options:
– Buy For Yourself
– Buy For Other(s): Selecting this option requires you to fill in the user’s information.
3. Review your Shopping Cart for accuracy. Click the Proceed to Checkout button.
4. On the Payment Information page, select to pay via Credit Card or Invoice. Fill out all required information. Click Continue.
5. On the Review and Submit Your Order page, click the Disclaimer link and review the information. Once you complete your review, select the checkbox next to I have read and acknowledged the following Disclaimer prior to purchase.
6. Click Submit Order.
NOTE: A confirmation page displays, providing your Sales Order Number (SO#####).

Step 2. Request Access

Once you successfully complete a certificate purchase, you must request access via MAG.

To request FIS access:
1. Log in to MAG. Select Request Access in the Federated Identity Service (FIS) section, in the bottom right corner of the My 2FA Credentials section.
2. In the FIS Certificate Information section, make selections from the drop-down menus provided. 
NOTE: These selections must match your Basic Level of Assurance (BLOA) Secure Email purchase.
3. In the User Information section, verify all data input. Click Next.
A confirmation screen displays. Your Organization’s FIS Administrator must approve your request. Once your request is approved, you can download your certificate.

Step 3. Download Certificates

Pre-requisites for downloading identity certificates:

  • Received 16-digit passcode from Exostar via email
  • Reviewed system and certificate download requirements 
To download certificates you are approved for:
1. Go to the My Account tab. Click the Manage Certificates sub-tab.
2. Enter the passcode you received via email from Exostar. Click Submit.
NOTE: The passcode is a 16-digit number separated by hyphens; for example: 1234-5678-1234-5678. The passcode is NOT the same as your Exostar Managed Access Gateway (MAG) account login password.
3. Download your certificates. If your browser prompts you to Allow Multiple Downloads, click Allow. The certificates are protected by the same passcode you entered in Step 2. 
NOTE: This activity allows Exostar to archive the encryption key for recovery at a later time.  Refer to the Recover Encryption Key section for more information.
4. Complete the certificate download. The system presents the download status at each step.
5. Once the download is complete, a confirmation message displays. Double click the downloaded certificate to begin importing it to your personal key store.
NOTE: Refer to the FAQ section of the FIS Training Resources page for information on any certificate download errors.

Exostar LDAP Proxy/Secure Email Set-up

It is recommended that both the Email Encryption set-up and Certificate Discovery steps be completed to enable users of Exostar’s LDAP Proxy / Secure Email services. Certificate Discovery requires connection to Exostar’s LDAP Proxy Service via port 389. This may require additional configuration by your IT infrastructure groups depending on local policy and controls. For Lotus Notes and Mozilla Thunderbird, contact Exostar Customer Support. You must provide Customer Support with your email client version. Please select from the different versions of Outlook below.
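A pre-check to run before the Outlook steps, as an added example (not Exostar tooling): it lists the downloaded certificates in the current user's Personal store with their key usage, so the right one can be picked under Choose, and tests TCP port 389 to ldapproxy.exostar.com. The issuer filter `*Exostar*` and the store location are assumptions; the sign/encrypt classification follows general X.509 key-usage semantics, not a published Exostar certificate profile.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example, not Exostar tooling. Assumptions (not from the page): the
# certificates sit in the current user's Personal store and the issuer name
# contains "Exostar". Adjust $IssuerPattern to match your certificates.
$IssuerPattern = '*Exostar*'
$LdapHost      = 'ldapproxy.exostar.com'   # server name given on this page
$LdapPort      = 389                       # port given on this page

function Get-SecureEmailCertReport {
    param([string]$Issuer)
    $sign    = [X509KeyUsageFlags]::DigitalSignature -bor [X509KeyUsageFlags]::NonRepudiation
    $encrypt = [X509KeyUsageFlags]::KeyEncipherment -bor [X509KeyUsageFlags]::DataEncipherment
    Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Issuer -like $Issuer } | ForEach-Object {
        $cert = $_
        # The keyUsage extension states what the certificate's key may be used for.
        $ku = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] } | Select-Object -First 1
        $flags = if ($ku) { $ku.KeyUsages } else { [X509KeyUsageFlags]::None }
        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            KeyUsage      = $flags
            EKU           = ($cert.EnhancedKeyUsageList.FriendlyName -join ', ')
            CanSign       = [bool]($flags -band $sign)
            CanEncrypt    = [bool]($flags -band $encrypt)
            HasPrivateKey = $cert.HasPrivateKey
            Expired       = $cert.NotAfter -lt (Get-Date)
            NotAfter      = $cert.NotAfter
        }
    }
}

$certs = @(Get-SecureEmailCertReport -Issuer $IssuerPattern)
$certs | Format-Table Subject, KeyUsage, EKU, CanSign, CanEncrypt, HasPrivateKey, NotAfter -AutoSize

# A certificate without its private key, or past NotAfter, cannot sign or decrypt.
foreach ($bad in $certs | Where-Object { -not $_.HasPrivateKey -or $_.Expired }) {
    Write-Warning "Not usable: $($bad.Subject) [$($bad.Thumbprint)]"
}
if (-not ($certs | Where-Object CanSign))    { Write-Warning 'No certificate usable for digital signature found.' }
if (-not ($certs | Where-Object CanEncrypt)) { Write-Warning 'No certificate usable for encryption found.' }

# Certificate discovery needs outbound TCP 389 to the LDAP proxy.
$ldap = Test-NetConnection -ComputerName $LdapHost -Port $LdapPort -WarningAction SilentlyContinue
if (-not $ldap.TcpTestSucceeded) {
    Write-Warning "TCP $LdapPort to $LdapHost is not reachable; certificate discovery will fail until it is allowed."
}
```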

Outlook 2007

To set-up email encryption:
1. Open Outlook 2007. Select Tools/Trust Center from the menu.
2. From the left navigation, select Email Security.
3. To send encrypted or digitally signed email, select Add digital signature to outgoing messages, Send clear text signed message when sending signed messages, and Encrypt contents and attachments for outgoing messages to send an encrypted email by default.
4. Under default setting, select Outgoing email. Click Settings.
5. You may see your signing certificate is already selected (for digitally signing the email). To ensure correct certificates are used, click Choose and select the appropriate certificate. Make sure the hash algorithm is SHA1.
6. For Encryption certificates, follow step #4 and ensure the encryption algorithm selected is 3DES. Click OK.
To digitally sign and encrypt an email:
1. Compose your email and attach files (as you normally would).
2. Click Sign.
3. Click Send.
To set-up certificate discovery:
1. Open Microsoft Outlook.
2. Select Tools/Account Settings, then Address Book.
3. Select Internet Directory Service (LDAP). Click Next.
4. Enter ldapproxy.exostar.com in the Server Name field. Click More Settings.
5. You receive a notification to close Microsoft Outlook to activate the new settings. Click OK.
6. You receive a Congratulations message. Click Finish and close Microsoft Outlook.
7. Restart Microsoft Outlook to send encrypted email.

Outlook 2010

To set-up email encryption:
1. Open Outlook 2010. From the top left, select the File tab.
2. Select Options from the left navigation.
3. Select Trust Center. Click Trust Center Settings.
4. Select E-mail Security.
5. To send encrypted or digitally signed email, select Encrypt contents and attachments for outgoing messages, Add digital signature to outgoing messages, and Send clear text signed message when sending signed messages to send an encrypted email.
6. Under Default Setting, select My S/MIME Settings (username). Click the Settings button.
7. You may see your signing certificate is already selected (for digitally signing the email). To ensure correct certificates are used, click Choose and select the appropriate certificate. Make sure the hash algorithm is SHA1.
8. For Encryption certificates, follow step #6 and ensure the encryption algorithm selected is 3DES. Click OK.
To digitally sign and encrypt an email:
1. Compose your email and attach files (as you normally would).
2. Click the Options tab.
3. In the options ribbon marked Permission, click either the Encrypt icon to encrypt the message, the Sign icon to digitally sign the message, or both. Click Send.
NOTE: Sending an encrypted email requires the recipient’s public encryption key (Digital Certificate). MS Outlook must be configured for certificate discovery or users will need to exchange digitally signed email first to exchange public encryption keys.
To set-up certificate discovery:
1. Open Microsoft Outlook. From the top left, select the File tab.
2. Select the Account Settings icon. Click Account Settings.
3. Select the Address Book tab. From the left side, select the New icon.
4. Select Internet Directory Service (LDAP). Click Next.
5. Enter ldapproxy.exostar.com in the Server Name field. Click More Settings.
6. You receive a notification to restart Microsoft Outlook to activate the new settings. Click OK.
7. You receive a pop-up notification. Click OK. Click Next.
8. You receive a Congratulations notification. Click Finish and close Microsoft Outlook.
9. Restart Microsoft Outlook to send encrypted email.

Outlook 2013

To set-up email encryption:
1. Open Outlook 2013. From the top left, select the File tab.
2. Select Options from the left navigation.
3. Select Trust Center. Click the Trust Center Settings button.
4. Select E-mail Security. Click Settings.
5. You may see your signing certificate is already selected (for digitally signing the email). To ensure correct certificates are used, click Choose and select the appropriate certificate. Make sure the hash algorithm is SHA1.
6. For Encryption certificates, follow step #7 and ensure the Encryption algorithm selected is 3DES. Click OK.
7. To send encrypted or digitally signed email, select Encrypt contents and attachments for outgoing messages, Add digital signature to outgoing messages, and Send clear text signed message when sending signed messages to send an encrypted email.
8. Under Default Setting, select My S/MIME Settings (username). Click OK.
To digitally sign and encrypt an email:
1. Compose your email and attach files (as you normally would).
2. Click the Options tab at the top.
3. In the options ribbon marked Permission, click either the Encrypt icon to encrypt the message, the Sign icon to digitally sign the message, or both. Click Send.
NOTE: Sending an encrypted email requires the recipient’s public encryption key (Digital Certificate). MS Outlook will need to be configured for certificate discovery or users will need to exchange digitally signed email first to exchange public encryption keys.
To set-up certificate discovery:
1. Open Microsoft Outlook. From the top left, select the File tab.
2. Select the Account Settings icon. Click Account Settings.
3. Select the Address Book tab. From the left side, select the New icon.
4. Select Internet Directory Service (LDAP). Click Next.
5. Click Next.
6. Enter ldapproxy.exostar.com in the Server Name field. Click More Settings.
7. You receive a notification to restart Microsoft Outlook to activate the new settings. Click OK.
8. You receive a pop-up notification. Click OK.
9. Click Next. Click Finish.
10. The Account Settings window displays ldapproxy.exostar.com. Click Close and restart Outlook to send an encrypted email.

Outlook 2016

To set-up email encryption:
1. Open Microsoft Outlook 2016. From the top left, select the File tab.
2. Select Options.
3. Select the Trust Center tab. Select Trust Center Settings.
4. Select the Email Security tab.
5. Under the Encrypted email section, select the checkbox for Encrypt contents and attachments for outgoing messages.
6. Select the Settings button.
NOTE: You may see your Signing certificate is already selected (for digitally signing the email).
7. To ensure correct certificates are used, click the Choose button to select the appropriate certificate. Make sure the hash algorithm is SHA1.
8. For Encryption certificates, select the appropriate certificate and ensure the Encryption algorithm selected is AES. Click OK.
9. Click OK, again.
To digitally sign and encrypt an email:
1. Compose your email and attach files (as you normally would).
2. Select Options.
3. Select to Sign or Encrypt the email without affecting the settings for other outgoing mail.
4. Click Send.
NOTE: Sending an encrypted email requires the recipient’s public encryption key (Digital Certificate). MS Outlook will need to be configured for certificate discovery or users will need to exchange digitally signed email first to exchange public encryption keys.
To set-up certificate discovery:
1. Open Microsoft Outlook. From the top left, select the File tab.
2. Select the Account Settings icon. Click Account Settings.
3. Select the Address Book tab. From the left side, select the New icon.
4. Select Internet Directory Service (LDAP). Click Next.
5. Click Next.
6. Enter ldapproxy.exostar.com in the Server Name field. Click More Settings.
7. You receive a notification to restart Microsoft Outlook to activate the new settings. Click OK.
8. You receive a pop-up notification. Click OK.
9. Click Next. Click Finish.
10. The Account Settings window displays ldapproxy.exostar.com. Click Close and restart Outlook to send an encrypted email.
Updated on February 1, 2024