How to publish your S/MIME certificate to a Global Address List (GAL)

Related Content

Want to keep learning?

Subscribe to SSL.com’s newsletter, stay informed and secure.

What is a Global Address List (GAL)?

A Global Address List (GAL) is a centralized directory of email addresses and contact information within an organization’s email system or directory service. It serves as a comprehensive and easily accessible repository of all email users, making it a valuable resource for efficient communication and collaboration. 

When an Exchange Online organization is set up, it comes equipped with a GAL called Default Global Address List, serving as the main directory for all the organization’s recipients. There may be circumstances requiring the establishment of multiple GALs, such as when there’s a need to restrict visibility between different groups of recipients. When S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates are added to a GAL, several benefits are gained which are explained in the next section.

What are the Benefits of Adding Your S/MIME Certificate to a Global Address List (GAL)?

  1. Streamlined Communication: When all public keys are readily available in a GAL, employees can immediately start sending encrypted emails to each other. This eliminates the need for the initial exchange of signed emails to share public keys, thereby streamlining the process of secure communication.
  2. Mitigation of Phishing Attacks: By making S/MIME certificates readily available in a GAL, it becomes easier for users to identify phishing attempts and malicious emails, as they can quickly verify the sender’s identity.
  3. User Convenience: If S/MIME certificates are published in GAL, it makes it more convenient for users to find and utilize S/MIME certificates. They can send and receive secure emails without the hassle of managing certificates separately.
  4. Reduction in Operational Delays: Without the need for initial key exchanges, communication can occur more swiftly. This reduction in procedural steps can lead to decreased operational delays in situations where immediate secure communication is necessary.
  5. Scalability: As the organization grows, adding new users and their certificates to a GAL is a scalable solution for maintaining secure email communications across an expanding workforce.
Secure your email communications today with SSL.com’s S/MIME certificates. Protect sensitive data, enhance trust, and ensure privacy.

CHOOSE YOUR SSL.COM S/MIME CERTIFICATE HERE

Publish your S/MIME certificate

  1. Launch Microsoft Outlook.
  2. Click File on the top menu.
  3. Click Options.

  4. Click Trust Center, followed by Trust Center Settings…

  5. Click the Email Security tab. Under the Encrypted email section, hover to Default Setting and choose the S/MIME certificate you want to publish to GAL by clicking the drop-down arrow. If there is another certificate you want to import to Outlook, click Settings… button.

  6. Under Digital IDs (Certificates) section, click the Publish to GAL… option. 

  7. Outlook will prompt you to confirm publishing your certificate to GAL. Click OK.
    Note: If you receive the following error, double-check the correctness of your certificate and proceed to the section of this article titled: Troubleshooting Errors.
    There are no valid security settings to publish. Would you like to remove your previously published settings?

  8. A prompt will appear asking for permission to access your private key. Click Allow

  9. After a brief loading period, you will see a notification that your certificate has been successfully published.
    Note: In some cases, it can take as long as 48 hours for your S/MIME certificate to be published in the Global Address List.

Troubleshooting Errors

There are no valid security settings to publish

  1. Some users might see this error: There are no valid security settings to publish. Would you like to remove your previously published settings? Click No and  click the Settings… button.

  2. Under Certificates and Algorithms, make sure that your Signing Certificate and Encryption Certificate are the same. The Hash Algorithm should be SHA256. The Encryption Algorithm should be AES (256-bit)

    Examine if  a different certificate is assigned to either option. Place the correct one by clicking the Choose… button.

  3. Click More choices to show all available certificates that can be used. Choose the correct certificate and then click the OK button.

  4. Click the Publish to GAL… button again and see if the error is resolved.

Verify if your certificate has been added to the Global Address List (GAL)

  1. On Microsoft Outlook, click the icon for Address Book.

  2. Under the Address Book section, click the drop-down arrow and select Global Address List.

  3. Search for the name of the contact and click Add to Contacts.

  4. Click the Certificates tab. Double-click the highlighted name of the S/MIME certificate and the details of the published certificate will appear.

If you have questions about EPKI or any other topic related to PKI and digital certificates, please contact us by email at Support@SSL.com, call 1-SSL-Certificate (1-775-237-8434), or simply click the chat button at the bottom right of this page. As always, thank you for choosing SSL.com!

Stay Informed and Secure

SSL.com is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from SSL.com.

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.