Employees of the University of Cologne can use S/MIME (Secure Multipurpose Internet Mail Extensions) certificates for e-mail signing and encryption, document signing . Use requires a personal certificate, which can be applied for online. Students are excluded from the use, unless they are SHK, WHB or WHK.

Instructions for applying can be found on our website.

Importing (and using) the S/MIME certificates differs in different email clients. Below you will find instructions for Mozilla Thunderbird, Microsoft Outlook, Apple Mail and Mail on iOS. For Android, there is currently no free email app or one that is integrated into the operating system that can handle S/MIME and is easy to configure (if you are still interested in using S/MIME in Android, please contact the RRZK helpdesk).

The instructions assume that you have already set up the e-mail box of your personal account in the respective e-mail client (see the instructions for setting up an e-mail client).

The use of certificates is not possible under Webmail.

Click on the previously exported certificate file (if necessary also on another computer) and enter the corresponding password [Picture 1]. The certificate is now imported into the keychain management.

The certificate is now automatically integrated in Apple Mail. When composing a new e-mail there is now the possibility to either sign (1) or encrypt (2) the e-mail using two buttons [Picture 2].

You must first transfer the certificate to your device (e.g. via e-mail or cloud), as it cannot be applied for with iOS.

Import:

• Navigate to the 'Settings' on your iPad/iPhone. Select the first menu item 'Profile loaded' [Picture 1].
• Click on the file and confirm the installation in the new window [Picture 2].
• Now enter the password of your iPhone/iPad [Picture 3].
• Click on "Install" [Picture 4] again in the following window and confirm this with "Install" [Picture 5].
• Enter the password for the certificate that was assigned during the export [Picture 6].
• Finish this process with 'Done' [Picture 7].

Configuration from "Mail"

• Now navigate in the settings to 'Passwords & Accounts' (in earlier iOS versions you go directly to 'Mail') [Picture 1].

• Call up your university account there.

• Now click on 'Account' [Picture 2] and then on 'Advanced' [Picture 3].

• Under 'Sign' (1) and 'Encrypt by Default' (2) you can now set preferences for all future e-mails [Picture 4]. We recommend that you only make 'Sign' the default setting. You should not activate encryption by default, because you probably do not have a certificate from all your contacts and sending an encrypted e-mail is only possible if you have the public certificate of the receiving person.

• After clicking on 'Sign' you have to activate signing on the corresponding subpage [Picture 5].

• Now click on the blue back arrow in the upper left corner and then on the arrow again on the top page. Then confirm on the account overview page with 'Done'.