After moving from Classic Outlook to the new Outlook for Windows, many users find that their S/MIME certificates no longer work for signing or encrypting emails. This happens because the new app uses a different mail engine and security architecture that does not automatically import certificate settings from the classic version. This article explains how to locate your existing S/MIME certificate, install it into the new Outlook, and configure signing and encryption options so your secure email workflow continues without interruption.
Key Takeaways: Re-enabling S/MIME in New Outlook
- Settings > Accounts > Security > S/MIME: The only location in the new Outlook to manage signing and encryption certificates.
- certmgr.msc (Windows Certificate Manager): Use this tool to find and export your S/MIME certificate with the private key from Classic Outlook.
- File > Options > Trust Center > Trust Center Settings > Email Security: Where Classic Outlook stored S/MIME settings that are not carried over automatically.
Why S/MIME Does Not Transfer Automatically to New Outlook
Classic Outlook stores S/MIME certificates and settings in the Windows certificate store and in the Outlook profile registry keys. The new Outlook for Windows is a completely rewritten application based on the Outlook on the web engine. It does not read the same profile data or registry entries that Classic Outlook uses for email security. When you switch to the new Outlook, it creates a fresh profile that lacks any reference to your existing S/MIME certificate. The certificate itself remains in the Windows certificate store, but the new app does not know to look for it until you manually assign it in the S/MIME settings panel.
Steps to Set Up S/MIME in New Outlook
- Open the Windows Certificate Manager
Press Win + R, type certmgr.msc, and press Enter. This opens the Certificate Manager console where your personal certificates are stored. - Locate your S/MIME certificate
In the left pane, expand Personal > Certificates. Look for a certificate with the intended purpose listed as “Secure Email” in the Intended Purposes column. If you have multiple certificates, check the “Issued To” column to match the email address you use in Outlook. - Export the certificate with the private key
Right-click the certificate, select All Tasks > Export. The Certificate Export Wizard opens. Choose Yes, export the private key. Select the Personal Information Exchange – PKCS #12 (.PFX) format. Check Include all certificates in the certification path if possible. Assign a password and save the .pfx file to a secure location on your computer. - Switch to the new Outlook
Open the new Outlook for Windows. If you have not already switched, click the toggle at the top-right corner labeled “Try the new Outlook.” Confirm the switch when prompted. - Open S/MIME settings
In the new Outlook, click Settings (gear icon) in the top-right corner. In the Settings pane, click Accounts, then select the email account you want to secure. Scroll down and click Security. Under S/MIME, click Manage S/MIME certificates. - Import the exported certificate
In the S/MIME dialog, click Import certificate from file. Browse to the .pfx file you exported earlier. Enter the password you set during export. The certificate appears in the list with your email address and the signing and encryption capabilities shown. - Assign the certificate for signing and encryption
In the same S/MIME dialog, use the dropdown menus under Signing certificate and Encryption certificate to select the imported certificate. Click OK to save the settings. - Send a test signed email
Compose a new email to yourself or a colleague. On the ribbon, click the Options tab, then click the Sign button (a pen icon). Send the email. The recipient should see a digital signature indicator in the message header. - Send a test encrypted email
To test encryption, you need the recipient’s S/MIME certificate. Ask them to send you a signed email first. When you reply, click the Encrypt button (a lock icon) on the Options tab. The message is encrypted using the recipient’s public key.
Common Problems When Setting Up S/MIME in New Outlook
“No certificate available” message when trying to sign
This error appears when the new Outlook cannot find a certificate with a private key in the Windows certificate store that matches your email address. The most common cause is exporting the certificate without the private key. Repeat the export step and make sure you select Yes, export the private key. Also verify that the certificate’s “Subject” field contains your full email address exactly as configured in Outlook.
Encryption button is grayed out
The encryption button stays disabled when you have not yet received a signed email from the recipient. S/MIME encryption requires the recipient’s public key, which is only available after you have received a digitally signed message from them. Ask the recipient to send you a signed email first. After you open that email, the new Outlook stores the public key automatically, and the Encrypt button becomes active for future messages to that recipient.
Certificate password not accepted during import
If the password you set during export is not accepted, the .pfx file may be corrupted or the password was typed incorrectly. Export the certificate again from certmgr.msc, carefully type the password, and confirm it. Save the file with a new name to avoid confusion. Then try the import again in the new Outlook.
Classic Outlook S/MIME Settings vs New Outlook S/MIME Settings
| Item | Classic Outlook | New Outlook |
|---|---|---|
| Certificate storage | Windows certificate store + Outlook profile | Windows certificate store only |
| Settings location | File > Options > Trust Center > Email Security | Settings > Accounts > Security > S/MIME |
| Certificate import method | Automatic from profile or manual import | Manual import from .pfx file only |
| Signing configuration | Per-account in Trust Center | Per-account in S/MIME dialog |
| Encryption certificate fallback | Supports multiple certificates per recipient | Uses the most recent public key from signed email |
| Automatic transfer from Classic | N/A | No automatic transfer |
After completing the import and assignment steps, you can sign and encrypt emails in the new Outlook just as you did in Classic Outlook. The key difference is the manual certificate export and import process required once during the transition. To verify your setup regularly, send a signed test email to yourself and check that the signature icon appears in the reading pane. If you ever need to switch back to Classic Outlook, your S/MIME settings there remain unchanged because the certificate stays in the Windows certificate store.