The Outlook on the web S/MIME implementation supports a variety of encryption algorithms, including:
- RC2 (supported key lengths are 40, 56, 64, and 128)
- DES (56-bit)
- 3DES (168-bit)
- AES128
- AES192
- AES256
You must follow a specific format to configure the OWAEncryptionAlgorithms or OWASigningAlgorithms attributes for more than one algorithm. The attribute itself is stored as a string, and Set-SmimeConfig does not validate it. Keep this in mind when you configure S/MIME settings and the S/MIME plugin is unavailable in your Outlook on the web client.
TechNet states clearly:
“If the encryption algorithm or minimum key length is not available on a client, Outlook on the web does not allow encryption.”
The string to use when configuring OWAEncryptionAlgorithms for AES256 and AES128 is:
“6610;660E”
Set-SmimeConfig -OWAEncryptionAlgorithms "6610;660E"
Without the quotation marks, you receive an error message. The cmdlet does, however, accept a comma-separated list, which results in the following Get-SmimeConfig output:
Set-SmimeConfig -OWAEncryptionAlgorithms 6610,660E
OWAEncryptionAlgorithms: 660E 6610
This setting results in S/MIME not being available in Outlook on the web.
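Because Set-SmimeConfig stores the string unvalidated, a pre-flight check can catch the comma and whitespace cases before they disable S/MIME in Outlook on the web. The following is an added example, not part of the original article or of Exchange itself; the function name `Test-OwaAlgorithmString` and the AES-only allow list are assumptions of this example.

```powershell
# Added example: pre-flight check for OWAEncryptionAlgorithms / OWASigningAlgorithms values.
# Test-OwaAlgorithmString is a hypothetical helper, not an Exchange cmdlet.
function Test-OwaAlgorithmString {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$Value
    )
    begin {
        # Windows CryptoAPI ALG_ID values (hex) for the AES algorithms listed above.
        # Assumption: only AES is permitted; RC2, DES and 3DES are rejected on purpose.
        $allowed = @{ '660E' = 'AES128'; '660F' = 'AES192'; '6610' = 'AES256' }
    }
    process {
        $problems = New-Object System.Collections.Generic.List[string]
        if ([string]::IsNullOrWhiteSpace($Value)) { $problems.Add('value is empty') }
        # Entries must be separated by ';'. The comma list shown above ends up
        # stored as "660E 6610", so commas and whitespace are both flagged.
        if ($Value -match '[,\s]') {
            $problems.Add('contains comma or whitespace; use ";" inside one quoted string')
        }
        # Split on any separator so every token is still checked and reported.
        $names = foreach ($token in ($Value -split '[;,\s]+' | Where-Object { $_ })) {
            $id = $token.ToUpperInvariant()
            if ($allowed.ContainsKey($id)) { $allowed[$id] }
            else { $problems.Add("'$token' is not in the allow list") }
        }
        [pscustomobject]@{
            Value      = $Value
            IsValid    = ($problems.Count -eq 0)
            Algorithms = @($names) -join ', '
            Problems   = $problems -join '; '
        }
    }
}

# Constructed sample values: the working string, the stored result of the
# comma-separated list, and a typo (letter O instead of zero).
'6610;660E', '660E 6610', '6610;66OE' |
    Test-OwaAlgorithmString |
    Format-Table -AutoSize -Wrap

# Against a live organization (requires the Exchange Management Shell):
# (Get-SmimeConfig).OWAEncryptionAlgorithms | Test-OwaAlgorithmString
```

Only the first sample reports IsValid as True; the second is flagged for its whitespace separator and the third for an ID that is not in the allow list.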
Note
To successfully apply S/MIME configuration changes, restart the application or the Exchange server.
Get-ExchangeServer | ? { $_.AdminDisplayVersion -like '*15.*'} | % { Invoke-Command -ComputerName $_.Name -ScriptBlock {Restart-WebAppPool MSExchangeOWAAppPool} }