Email & Calendar

Sending Encrypted Email to .mil Addressees

1. An email recipient’s public certificate must be used to send an encrypted email message. Such
is the case when sending PII to someone outside of but who has a ‘.mil’ email
address. Performing the steps that follow will provide the means to capture the ‘.mil’ person’s
public certificate, thereby enabling the means to send encrypted messages to them.

2. Open a browser and go to DISA 411 Global Directory Services site

3. After entering your CAC PIN, the 411 Query screen will appear.

4. Enter the Last Name, First Name, and as much information as known about the addressee. If
the exact first name isn’t known, the ‘starts’ may be used for a fuzzy search as shown below.

5. Click the search button. Once the person has been found, the resulting name(s) will appear.
Click on the ‘Last Name’ of the individual in question.

6. When their certificate information appears, select the link to ‘Download Certificate(s) as vCard’.

7. More details will appear; click on the certificate that you want to download. (Typically only one appears.)

8. Click the arrow on the downloaded file icon on the bottom left of the screen. Click ‘Open’. If prompted to choose the application to open in, choose outlook.


9. The ‘New Contact’ window will open and select ‘Save & Close’ from the top-left menu bar. This will add the person’s information and certificate to your local Contact in Outlook.

10. To send encrypted email to the person, open ‘New Email’, click ‘To’, find their name in the Address Book under Contacts. Their public certificate will then be automatically inserted to encrypt the message.

HELPFUL HINTS: When searching for someone in the 411, reduce the number of matches by changing the ‘Where the C/S/A is:’ entry from ‘All DOD’ to ‘USA’ for Army or select another branch from the pull-down menu. Another method to find the individual is to first get their Enterprise Email address and use it to search. EE addresses are available within the EE Global Address Book. Once the book has been opened, a search may be performed within a location.
For example, even with specifying Army as the Branch when searching for a person by name, an overwhelming number of individuals might meet the search criteria as shown below.

Using EE GAL Groups search can narrow down the search population to a location. The GDS search can then be performed using the person’s EE address, in this case eliminating 14 of the 15 GDS matches.

NOTE1: There may be an occasion when the person may have more than one persona. Notice in the list of names in the Local Contacts on page 3 that there are two ‘ALAN BEITLER’s. This is due to finding the two entries in the search results. This person has two personas, one as a Contractor (ctr) and the other as a DA Civilian (civ). In these cases, care must be taken to select the appropriate persona when sending the encrypted email message since each persona has a unique public certificate.

NOTE2: When you receive a new CAC certificate, you will need to recover your old encryption key to be able to read your old encrypted email. Follow the step-by-step instructions in this guide to recover your old key pair and install it on your machine.
Microsoft Windows: Recovering and Installing an Old Encryption Key *PKI

Mail this page!

Was this helpful?

Leave A Comment