The mysterious Exchange SMimeConfig Algorithms

The Outlook on the web S/MIME implementation supports a variation of encryption algorithms like

  • RC2 (supported key lengths are 40, 56, 64, and 128)
  • DES (56-bit)  
  • 3DES (168-bit)
  • AES128  
  • AES192  
  • AES256

You must follow a specific format when you want to configure the OWAEncryptionAlgorithms or OWASigningAlgorithms attributes to support more than one algorithm. The attribute itself is stored as a String and not validated when using Set-SMimeConfig. Beware of this when you configure S/MIME settings and the S/MIME Plugin is unavailable in your Outlook on the web client.

TechNet states clearly:

“If the encryption algorithm or minimum key length is not available on a client, Outlook on the web does not allow encryption.”

The string to use when configuring the OWAEncryptionAlgorithms for AES256 and AES128  is

Set-SmimeConfig –OWAEncryptionAlgorithms "6610;660E"

When not using quotation marks, you will receive an error message. But the cmdlet will accept a comma-separated list. A comma-separated list results in the following Get-SMimeConfig output

Set-SmimeConfig –OWAEncryptionAlgorithms 6610,660E

OWAEncryptionAlgorithms: 660E 6610

This setting results in S/MIME not being available in Outlook on the web.


To successfully apply S/MIME configuration changes, restart the application or the Exchange server.

Get-ExchangeServer | ? { $_.AdminDisplayVersion -like '*15.*'} | % { Invoke-Command -ComputerName $_.Name -ScriptBlock {Restart-WebAppPool MSExchangeOWAAppPool} }


Sie sehen gerade einen Platzhalterinhalt von Facebook. Um auf den eigentlichen Inhalt zuzugreifen, klicken Sie auf die Schaltfläche unten. Bitte beachten Sie, dass dabei Daten an Drittanbieter weitergegeben werden.

Mehr Informationen