Navo Hosting

How to Setup Secure Multipurpose Internet Mail Extension(S/MIME)?

Google Workspace offers a business version of Gmail.  E-mails are used by business organizations for their communication with clients. To improve the security of the google workspace emails your organization set up S/MIME. The secure multipurpose Internet mail extension improves email security. S/MIME encrypts messages and adds a digital signature to the emails. This mail extension protects users from phishing, harmful software, and email threats. Both sender and recipient must be enabled to use S/MIME. The google workspace version supports the S/MIME features are Enterprise, Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus.

How to Turn on Hosted S/MIME

  1. Log in to the Admin console, go to Menu > Apps >Google > Workspace>



2. On the left, under Organizations, select the domain or organization you want to configure.



3. Gmail >User settings.


4. Scroll to the S/MIME setting

5. Check the Enable S/MIME encryption for sending and receiving emails box.

6. Allow users to upload their certificates.

Additional controls:

If you want to let users upload certificates, check the Allow users to upload their own certificates box. If you want to upload and manage root certificates, use the S/MIME trusted certificates controls:

  1. Next to Accept these additional Root Certificates for specific domains, click Add.
  2. Click Upload Root Certificate.
  3. Browse to select the certificate file and click Open.

(A verification message appears for the certificate, which includes the subject name and expiration date. If there’s a problem with the certificate, an error message appears)

  1. Under the Encryption level, select the encryption level to use with this certificate.
  2. Under the Address list, enter at least one domain that will use the root certificate when communicating. Domain names can include wildcards that meet the RFC standard. Separate multiple domains with commas.
  3. Click Save.
  4. Repeat for additional certificate chains.
  5. Check the Allow SHA-1 globally (not recommended) box only if your domain or organization must use Secure Hash Algorithm 1 (SHA-1)
  6. Click Save.

After enabling the hosted S/MIME encryption, S/MIME end-user certificates must be uploaded to Gmail. After reloading gmail, a lock icon appears in the subject line of email messages. If a message is encrypted with hosted S/MIME the icon will be green. (Important: If you’re configuring advanced controls on S/MIME to upload and manage root certificates, you must select to enable SMIME at the top-level organization, typically your domain). Changes you made in the Google console can take up to 24 hours but usually happen more quickly.

Steps to upload certificates in their Gmail settings

The user certificates should meet the current cryptographic standards and use the public key cryptography standards archive file format.

  1. Go to Gmail.
  2. Choose Settings
  3. See all settings.



4. Select the Accounts tab.




5. Next, to send mail as, select Edit info.



6. The Edit email address and encryption settings window appears. (If you don’t have this option, contact your administrator)

7. Click Upload a personal certificate.



8. Select the certificate and click Open. You’ll be prompted to enter a password for the certificate.

9. Enter the password and click Add certificate.



10. Your message will be secure during delivery displays.



11. Message security displays recipients that support enhanced encryption.

12. Click OK.



It is recommended to upload certificates with the Gmail S/MIME API. Also, use the Gmail S/MIME API to manage some tasks like viewing, deleting, and setting default user keys. The list of trusted certificates provided and maintained by Google applies only to Gmail for S/MIME API.


How to override sub-organization SMIME Settings

To override SMIME settings:

  1. In the Admin console, go to Menu Apps > Google > Workspace > GmailUser settings.
  2. On the left, under Organizations, select the organizational unit you want to configure.
  3. Scroll to the S/MIME setting, and click to expand it.
  4. The label under the S/MIME setting label will indicate either Inherited from (organization or domain name) or Overridden.
  5. Click Override to save changes to the sub-organization inheriting SMIME settings.

We provide world-class services to our customers. We offer the following services to our clients.

  • Google workspace
  • Domain & Web hosting
  • Web Designing

We are one of the premium resellers of google workspace. Further, know about the Import / Export Gmail Contacts. To get the details about our services check here.



Leave a Reply

Your email address will not be published. Required fields are marked *