Chandan

Reputation: 1504

How is mail secured using a mail or S/MIME certificate?

I am trying to understand how mail is secured using a mail or S/MIME certificate.

Normally, HTTPS has a certificate on the server, which gets downloaded to the client in the reply to a request, and then it goes on for a few steps until both arrive at a symmetric key, and then encryption is done using these keys.

From my reading I felt it is not the same case in a mail send/receive.

How does a mail certificate secure a mail in the case of, e.g., Outlook? I know a personal certificate can be used per email address for signing and the public key has to be shared with the sender.

But if that is not the case, will there be one certificate installed at the mail server for all users? When does it get downloaded to the mail client?

Does an email client have to install a mail certificate?

Any answers or a link to a resource will be greatly appreciated. Thanks

Upvotes: 0

Views: 448

Answers (1)

Ian Roberts

Reputation: 122394

In order to encrypt a message using S/MIME you already need to have a copy of the recipient's certificate - there's no automatic exchange of certificates as part of the protocol, in the way you would get with SSL. In a system with a central LDAP directory (e.g. a corporate email server) there are standard ways for a mail client to request the certificate for a particular user from the LDAP server, but in the general case you simply have to ask the recipient to send you their certificate separately.

However you obtain the certificate, the important thing is that trust is established in the same way as for SSL - each certificate is issued (and signed) by an authority certificate, and your mail client settings determine which root authorities you trust.

Upvotes: 1
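
The two points in the answer above, shown with the `openssl` command line as an added example that is not part of the original answer: the sender encrypts using nothing but a copy of the recipient's certificate, and only after checking that it chains to a trusted root. The root authority, the address `bob@example.test`, the file names and the function names are all constructed for the demonstration.

```shell
#!/bin/sh
# Constructed demo: every name, address and key below is made up for illustration.
set -e
work=$(mktemp -d)

# A root authority that the sender's mail client is configured to trust.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$work/ca.key" -out "$work/ca.crt" 2>/dev/null

# The recipient's personal certificate, issued and signed by that authority.
openssl req -newkey rsa:2048 -nodes -subj "/CN=bob@example.test" \
    -keyout "$work/bob.key" -out "$work/bob.csr" 2>/dev/null
openssl x509 -req -in "$work/bob.csr" -CA "$work/ca.crt" -CAkey "$work/ca.key" \
    -CAcreateserial -days 1 -out "$work/bob.crt" 2>/dev/null

# A self-signed certificate claiming the same address; no authority vouches for it.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=bob@example.test" \
    -keyout "$work/fake.key" -out "$work/fake.crt" 2>/dev/null

# Sender side: was this certificate issued under a root we trust?
cert_is_trusted() {
    openssl verify -CAfile "$work/ca.crt" "$1" >/dev/null 2>&1
}

# Sender side: encrypt stdin for a recipient using only the recipient's certificate.
# Nothing is fetched from the recipient here, so the certificate must already be on hand.
encrypt_for() {
    cert_is_trusted "$1" || { echo "refusing: untrusted certificate" >&2; return 1; }
    openssl smime -encrypt -binary -aes256 -out "$2" "$1"
}

# Recipient side: decrypt with the private key that matches the certificate.
decrypt_as_bob() {
    openssl smime -decrypt -in "$1" -recip "$work/bob.crt" -inkey "$work/bob.key"
}

printf 'meet at noon\n' | encrypt_for "$work/bob.crt" "$work/msg.p7m"
decrypt_as_bob "$work/msg.p7m"
```
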
