BlueMail for Enterprise supports full S/MIME encryption and digital signing, allowing you to send confidential messages and verify the authenticity of incoming mail. This guide explains how to set it up and use it correctly.
What is S/MIME?
S/MIME (Secure/Multipurpose Internet Mail Extensions) uses digital certificates to sign and encrypt email.
Each user has:
- A public certificate that others use to encrypt messages sent to you
- A private key that only you have, used to decrypt messages and apply digital signatures
BlueMail uses the certificates stored on your device and automatically associates them with your email accounts.
Setting Up S/MIME in BlueMail
1. Install your S/MIME certificate
Your organization or certificate authority (CA) will provide a file containing your certificate and private key (commonly a .p12 or .pfx). Install this file on your device. If your company uses an MDM/EMM system, certificates may be pushed to your device automatically.
2. Make sure the certificate matches your email
After installation, BlueMail will detect the certificate and link it to the corresponding email address.
You don’t need to configure anything else unless your IT team instructs you otherwise.
3. (Optional but recommended) Separate certificates
Some organizations use one certificate for signing and another for encryption. BlueMail supports both setups.
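For IT staff who want to confirm steps 2 and 3 before a certificate file reaches a device, here is an added example that is not BlueMail's own code or tooling. It uses the standard openssl command line to check that a certificate names the expected address, has not expired, and whether it is meant for signing or encryption. The file names and the address alice@example.com are assumptions, and the sample certificate is a constructed throwaway.

```shell
#!/usr/bin/env bash
# Added example (not BlueMail code): inspect an S/MIME certificate before install.
# To get the PEM certificate out of a .p12/.pfx without the private key:
#   openssl pkcs12 -in user.p12 -nokeys -clcerts -out cert.pem

# check_smime_cert <cert.pem> <email>
# Returns 0 only if the certificate names the address and has not expired.
check_smime_cert() {
    sc_cert=$1; sc_email=$2; sc_rc=0

    # -email lists addresses from the subject and subjectAltName, one per line.
    if openssl x509 -in "$sc_cert" -noout -email | grep -qixF -- "$sc_email"; then
        echo "address: matches $sc_email"
    else
        echo "address: certificate is not issued for $sc_email"; sc_rc=1
    fi

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$sc_cert" -noout -checkend 0 >/dev/null; then
        echo "validity: expired"; sc_rc=1
    elif ! openssl x509 -in "$sc_cert" -noout -checkend 2592000 >/dev/null; then
        echo "validity: expires within 30 days, renew soon"
    else
        echo "validity: ok"
    fi

    # keyUsage shows whether this is a signing or an encryption certificate
    # (RSA encryption certificates carry Key Encipherment, EC ones Key Agreement).
    sc_usage=$(openssl x509 -in "$sc_cert" -noout -ext keyUsage 2>/dev/null) || sc_usage=""
    case $sc_usage in *"Digital Signature"*) echo "usage: signing" ;; esac
    case $sc_usage in *"Key Encipherment"*|*"Key Agreement"*) echo "usage: encryption" ;; esac
    return $sc_rc
}

# Constructed sample: throwaway self-signed signing certificate for a made-up address.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Alice Example" \
        -addext "subjectAltName=email:alice@example.com" \
        -addext "keyUsage=digitalSignature" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}
```

A certificate that prints only "usage: signing" cannot be used by senders to encrypt mail to you, which is the case step 3 describes.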
Sending Encrypted or Signed Email
To encrypt a message, you must have the recipient’s public certificate.
BlueMail automatically collects a recipient’s certificate when:
- They send you a digitally signed email
- Your organization distributes certificates internally
- You import a certificate file provided by IT
How to send an encrypted message:
- Compose a new email.
- Tap the S/MIME icon (lock/shield).
- Choose Encrypt, or Sign & Encrypt if needed.
- Send the message normally.
BlueMail takes care of the encryption and signing automatically.
Sending a signed message
A signed message proves the message really came from you and wasn’t altered.
Just enable Sign in the S/MIME options before sending.
Receiving Encrypted Messages
When you receive an encrypted email, BlueMail uses the private key stored on your device to decrypt it.
If the private key isn’t available on this device, the message cannot be decrypted.
“Key not found” or “Cannot decrypt message”
This usually means:
- The email was encrypted with a different public key than the one you have installed
- You no longer have the private key that matches the certificate
- The certificate was removed, expired, or not installed on this device
Reinstall your certificate or ask the sender to re-encrypt the message using your current public certificate.
Exchanging Certificates
S/MIME doesn’t use public key servers.
Instead, BlueMail learns certificates automatically when:
- You receive a signed message from someone
- Certificates are distributed by your company
- You manually import a certificate file
You do not need to “register” a contact in BlueMail for secure mail to work.
You only need their valid public certificate.
- Keep your private key safe and never share it.
- Use separate signing and encryption certificates if your organization supports it.
- Renew your certificates before they expire.
- Remove old or revoked certificates when instructed by IT.
With your S/MIME certificate installed, BlueMail Enterprise makes secure communication straightforward.
Signing, encrypting, and decrypting messages work smoothly and are fully integrated into the app’s mail flow.