Page tree


Page Contents


Related Content



Basic Certificate Download

Download Basic Level of Assurance Identity Certificates

Pre-requisites for downloading identity certificates:

  • Received 16-digit passcode from Exostar via email
  • Reviewed system and certificate download requirements 

To download certificates you are approved for:

Step 1.  Go to the My Account tab. Click the Manage Certificates sub-tab.

Step 2.  Enter the passcode you received via email from Exostar. Click Submit.

NOTE: The passcode is a 16-digit number separated by hyphens; for example: 1234-5678-1234-5678. You must enter all characters, including hyphens OR leave the hyphens out completely. The passcode is NOT the same as your Exostar's Identity and Access Management Platform (formerly MAG) log-in password.

Step 3.  Download your certificates. If your passcode is correct, the certificate displays with a status. The system automatically selects the certificate to download. 

NOTE: You are only able to see the Download Certificates sub-tab under Manage Certificates when you have an approved FIS request pending certificate download. If no certificates are available for download, you cannot view this sub-tab. 

Step 4.  After the certificate successfully downloads, a confirmation message displays.

NOTE: Refer to the FAQ section for Federated Identity Service for information on any certificate download errors. 


Exostar LDAP Proxy/Secure Email Set-up

It is recommended both Email Encryption set-up and Certificate Discovery steps are completed to enable users of Exostar’s LDAP Proxy / Secure Email  services. Certificate Discovery requires connection to Exostar’s LDAP Proxy Service via port 389. This may require additional configuration by your IT infrastructure groups depending on local policy and controls. For Lotus Notes and Mozilla Thunderbird, contact Exostar Customer Support.  You must provide Customer Support with your email client version.

Outlook 2003

Email Encryption Set-Up

Step 1.  Open Outlook 2003.

Step 2.  Select Tools.

Step 3.  Select Options from the drop-down menu.

Step 4.  From the dialog box, select the Security tab.

Step 5.  Enter a name for your security setting into the Security Settings Name box.

Step 6.  Ensure S/MIME is selected on the Secure Message Format box.

Step 7.  Check the Default Security Setting for this Secure Message Format.

Step 8.  In the Certificates and Algorithms section, click the Choose button in the Signing Certificate section.

Step 9.  Select your Secure Email Certificate from the Select Certificate dialog box.

NOTE: Outlook should automatically choose the same Secure Email Certificate as your  Signing Certificate for the email Encryption Certificate. If not, click the Choose button in the Encryption Certificate section and select your Secure Email Certificate from the Select Certificate dialog box.

Step 10.  Ensure Send These Certificates with Signed Messages is selected.

Step 11.  Click OK to return to Options dialog box.

Step 12.  Click OK to return to Outlook.


Digitally Sign and Encrypt Email

Step 1.  Compose your email and attach files (as you normally would).

Step 2.  Click Sign .

Step 3.  Click Send.


Certificate Discovery

Step 1.  Open Microsoft Outlook.

Step 2.  Select Tools, then Email Accounts.

Step 3.  Select Add a new directory or address book. Click Next.

Step 4.  Select Internet Directory Service. Click Next.

Step 5.  Enter the encryption certificate lookup service’s fully qualified domain name: ldapproxy.exostar.com.

Step 6.  For the changes to take effect, restart Microsoft Outlook.


Outlook 2007

Email Encryption Set-Up

Step 1.  Open Outlook 2007.

Step 2.  Select Tools/Trust Center from the menu.

Step 3.  From the left navigation, select Email Security.

Step 4.  To send encrypted or digitally signed email, select Add digital signature to outgoing messagesSend clear text signed message when sending signed messages and Encrypt contents and attachments for outgoing messages to send an encrypted email by default.

Step 5.  Under default setting, select Outgoing email.

Step 6.  Click on Settings.

Step 7.  You may see your signing certificate is already selected (for digitally signing the email).  To ensure correct certificates are used, click Choose and select the appropriate certificate. Make sure the hash algorithm is SHA1.

Step 8.  For Encryption certificates, follow step #6 and ensure the encryption algorithm selected is 3DES.

Step 9.  Click OK.


Digitally Sign and Encrypt Email

Step 1.  Compose your email and attach files (as you normally would).

Step 2.  Click Sign .

Step 3.  Click Send.


Certificate Discovery

Step 1.  Open Microsoft Outlook.

Step 2.  Select ToolsAccount Settings, then Address Book.

Step 3.  Select Internet Directory Service (LDAP).

Step 4.  Click Next.

Step 5.  Enter ldapproxy.exostar.com in the Server Name field.

Step 6.  Click More Settings.

Step 7.  You receive a notification to close Microsoft Outlook to activate the new settings. Click OK.

Step 8.  You receive a Congratulations message. Click Finish and close Microsoft Outlook.

Step 9.  Restart Microsoft Outlook to send encrypted email.


Outlook 2010

Email Encryption Set-Up

Step 1.  Open Outlook 2010.

Step 2.  From the top left, select the File tab.

Step 3.  Select Options from the left navigation.

Step 4.  Select Trust Center.

Step 5.  Click on Trust Center Settings.

Step 6.  Select E-mail Security.

Step 7.  To send encrypted or digitally signed email, select Encrypt contents and attachments for outgoing messagesAdd digital signature to outgoing messages and Send clear text signed message when sending signed messages to send an encrypted email.

Step 8.  Under Default Setting, select My S/MIME Settings (username).

Step 9.  Click the Settings button.

Step 10.  You may see your signing certificate is already selected (for digitally signing the email). To ensure correct certificates are used, click Choose and select the appropriate certificate. Make sure the hash algorithm is SHA1.

Step 11.  For Encryption certificates, follow step #9 and ensure the encryption algorithm selected is 3DES.

Step 12.  Click OK.


Digitally Sign and Encrypt Email

Step 1.  Compose your email and attach files (as you normally would).

Step 2.  Click the Options tab.

Step 3.  In the options ribbon marked Permission, click either the Encrypt icon to encrypt the message, the Sign icon to digitally sign the message, or both.

Step 4.  Sending an encrypted email requires the recipients public encryption key (Digital Certificate). MS Outlook must be configured for certificate discovery or users will need to exchange digitally signed email first to exchange public encryption keys.

Step 5.  Click Send.


Certificate Discovery

Step 1.  Open Microsoft Outlook.

Step 2.  From the top left, select the File tab.

Step 3.  Select the Account Settings icon. Click Account  Settings.

Step 4.  Select the Address Book tab.

Step 5.  From the left side, select the New icon.

Step 6.  Select Internet Directory Service (LDAP). Click Next.

Step 7.  Enter ldapproxy.exostar.com in the Server Name field.

Step 8.  Click More Settings.

Step 9.  You receive a notification to restart Microsoft Outlook to activate the new settings. Click OK.

Step 10.  You receive a pop-up notification. Click OK.

Step 11.  Click Next.

Step 12.  You receive a Congratulations notification. Click Finish and close Microsoft Outlook.

Step 13.  Restart Microsoft Outlook to send encrypted email.

Outlook 2013

Email Encryption Set-Up

Step 1.  Open Outlook 2013.

Step 2.  From the top left, select File tab.

Step 3.  Select Options from the left navigation.

Step 4.  Select Trust Center.

Step 5.  Click the Trust Center Settings button.

Step 6.  Select E-mail Security.

Step 7.  Click Settings.

Step 8.  You may see your signing certificate is already selected (for digitally signing the email). To ensure correct certificates are used, click Choose and select the appropriate certificate. Make sure the hash algorithm is SHA1.

Step 9.  For Encryption certificates, follow step #7 and ensure the Encryption algorithm selected is 3DES.

Step 10.  Click OK.

Step 11.  To send encrypted or digitally signed email, select Encrypt contents and attachments for outgoing messagesAdd digital signature to outgoing messages and Send clear text signed message when sending signed messages to send an encrypted email.

Step 12.  Under Default Setting, select My S/MIME Settings (username).

Step 13.  Click OK.


Digitally Sign and Encrypt Email

Step 1.  Compose your email and attach files (as you normally would).

Step 2.  Click the Options tab at the  top.

Step 3.  In the options ribbon marked Permission, click either the Encrypt icon to encrypt the message, the Sign icon to digitally sign the message, or both.

Step 4.  Sending an encrypted email requires the recipients public encryption key (Digital Certificate). MS Outlook will need to be configured for certificate discovery or users will need to exchange digitally signed email first to exchange public encryption keys.

Step 5.  Click Send.


Certificate Discovery

Step 1.  Open Microsoft Outlook.

Step 2.  From the top left, select the File tab.

Step 3.  Select the Account Settings icon. Click Account Settings.

Step 4.  Select the Address Book tab.

Step 5.  From the left side, select the New icon.

Step 6.  Select Internet Directory Service (LDAP). Click Next.

Step 7.  Click Next.

Step 8.  Enter ldapproxy.exostar.com in the Server Name field. Click More Settings.

Step 9.  You receive a notification to restart Microsoft Outlook to activate the new settings. Click OK.

Step 10.  You receive a pop-up notification. Click OK.

Step 11.  Click Next. Click Finish.

Step 12.  The Account Settings window displays ldapproxy.exostar.com.

Step 13.  Click Close and restart Outlook to send an encrypted email.

Boeing Certificate Download

If you do business with Boeing and have downloaded the certificates for exchanging encrypted emails for the B2B project, follow the steps below for additional configuration.

Step 1.  Go to http://www.boeing.com/crl/.

Step 2.  Select the Secure Messaging.crt and The Boeing Company Root Certificate Authority.crt. certificates.

Step 3.  Click each certificate under the Authority Information section.

Step 4.  Select Open.

Step 5.  Click Install Certificate (accept all defaults).

Step 6.  Click NextNext again and Finish.

Step 7.  Select OK to close the dialog box that states the import was successful.


Download Basic Level of Assurance Secure Email Certificates

Pre-requisites for downloading identity certificates:

  • Received 16-digit passcode from Exostar via email
  • Reviewed system and certificate download requirements 

To download certificates you are approved for:

Step 1.  Go to the My Account tab. Click the Manage Certificates sub-tab.

Step 2.  Enter the passcode you received via email from Exostar. Click Submit.

NOTE: The passcode is a 16-digit number separated by hyphens; for example: 1234-5678-1234-5678. You must enter all characters, including hyphens OR leave the hyphens out completely. The passcode is NOT the same as your Exostar's Identity and Access Management Platform (formerly MAG) log-in password.

Step 3.  Download your certificates. If your passcode is correct, the list of certificates you can download displays. The system automatically selects all certificates for download. 

Step 4.  Click the OK button to archive your encryption key and enable key recovery.

NOTE: This activity allows Exostar to archive the encryption key for recovery at a later time. Refer to the Recover Encryption Key section for more information.

Step 5.  Complete the certificate download. The system presents the download status at each step.

Step 6.  Once the download is complete, a confirmation message displays.

NOTE: Refer to the FAQ section for Federated Identity Service for information on any certificate download errors.

How useful was this content?

Your Rating: Results: 1 Star2 Star3 Star4 Star5 Star 1 rates