Unable to send encrypted email.

  • Question

  • I’m using Outlook 2013 Professional on Windows 7 Professional.  I’m working on setting up encrypted email to a colleague of mine and having issues.  (encrypted emails to other colleagues is working fine)

    I have a colleague who sends me email from address of "my.colleague.ctr@navy.mil". The certificate he sends me is associated to the "my.colleague@navy.mil" email address (Note the missing ‘.ctr’).   When I try to add this colleague to my Outlook contacts, I’m shown a Yes/No dialog stating “The e-mail address in the certificate is not found in the contact's email list. Do you want to continue to add this certificate into this contact?”.  I click “Yes” and then Outlook crashes. 

    So, I’ve added this person as a contact manually using the my.colleague@navy.mil e-mail address and I manually exported their cert from a previously signed email and imported it into the Outlook contact.  When I try and send an encrypted email to that person I’m given the following message:  “Microsoft Outlook had problems encrypting this message because the following recipients had missing or invalid certificates, or conflicting or unsupported encryption capabilities”.

    What can I do to send this person encrypted emails?

    Any help is appreciated!

    David

    Monday, February 5, 2018 3:54 PM

All replies

  • Hi David,

    Did you create a new contact(my.colleague@navy.mil) and add the certificate to this new contact?

    >>When I try and send an encrypted email to that person

    Which email address are you sending to?

    >> encrypted emails to other colleagues is working fine

    Do other users have the same situation that the certificate is associated with another email address?

    Normally, in order to send an encrypted message, a valid Certificate should be associated with the contact who is the intended recipient of the encrypted message. Please check whether you have correctly added the certificate. To view this, please double-click the person's name, and then click the Certificates tab.

    Any updates, please post back at ease.

    Regards,

    Perry


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.



    Tuesday, February 6, 2018 9:05 AM
  • We have a very similar situation, but I was somewhat confused by the response. I'm pretty sure the algorithms for how it checks certificates against contacts were somewhat broken starting in Outlook 2013. We used to do this manually all the time without issue. Since 2013 (maybe earlier versions), I have never seen a contact with mismatching e-mails to the certificate work (which used to). This time however, we are actually creating a contact with the same e-mail address as what is in the certificate, to no avail.

    This is a common problem with DoD employees, so I'm also not sure why there isn't more discussion on this. In our case the user has an address like first.last@navy.mil and another address like first.last@mail.mil that goes back to the same mailbox. Certificate is in @mail.mil format. User is sending from @navy.mil. Contact we are creating contains the @mail.mil address (which we have checked 100 times to make sure it matches) with the certificate that also has the @mail.mil address.

    Tried the right clicking the account from the "from" field of a previously signed e-mail method to add the contact. However that causes this error message or just crashes Outlook entirely:

    "Microsoft Outlook had problems encrypting this message because the following recipients had missing or invalid certificates, or conflicting or unsupported encryption capabilities"

    Wednesday, February 7, 2018 10:35 PM
  • Thanks for the response Perry

    To answer your question I did create a new contact for this person using the my.colleague@navy.mil e-mail address and I manually exported their cert from a previously signed email and imported it into the Outlook contact.  When I go to the Certificates tab I see his certificate there.  I then try and send an encrypted email to my.colleague@navy.mil but get the “Microsoft Outlook had problems encrypting this message because the following recipients had missing or invalid certificates, or conflicting or unsupported encryption capabilities” error.  It seems that manually associating a cert to a contact doesn't correctly allow us to use that cert to encrypt the email.

    For the other colleagues I can successfully send encrypted emails to I associated their cert to the contact by right clicking the account from the "from" field of a previously signed e-mail and adding it to my contacts.  There was no email mis-match in those cases so Outlook didn't crash like it did with the "my.colleague.ctr@navy.mil" account.  

    David

    Thursday, February 8, 2018 3:08 PM
  • Matthew, 

    It does look like we are both running into the same issue, thanks for adding your situation to this thread.

    David

    Thursday, February 8, 2018 3:08 PM
  • Hi David,

    Can other people send signed messages to the "my.colleague.ctr@navy.mil" account?

    According to my research, please make sure the person has published their public key cert to the Global Address List so it's picked up automatically.

    To do this, please refer to the following steps:

    1. Please go to File > Options > Trust Center > Trust Center Settings.

    2. In the “Email Security”, choose Settings to check if the correct certificate is selected.

    3. Click Publish to GAL.


    Regards,

    Perry



    Friday, February 9, 2018 8:59 AM
  • Thanks Perry

    Sending a signed message isn't the issue; we're having trouble sending encrypted emails.  I'm not trying to send an encrypted email to the "my.colleague.ctr@navy.mil" account, I'm trying to send it to the "my.colleague@navy.mil" account.  And it seems that other folks have been able to send him encrypted emails.

    The GAL isn't an option for me because I work remotely and am not connected to any of their servers in any way.

    It seems that if I create a contact and associate a certificate with it then Outlook should use that cert to encrypt the email, but it doesn't seem to be.  Is there some troubleshooting I can do to figure out why?

    Friday, February 9, 2018 3:03 PM
  • Hi David,

    In case there is something wrong with the certificate, we could delete the original certificate and then re-add to see the result. 

    Can you send encrypted messages to other recipients? According to my research, sending and viewing encrypted email messages in Outlook requires both sender and recipient to share their digital ID, or public key certificate. This means that you and the recipient each must send the other a digitally signed message, which enables you to add the other person to your Contacts. You can’t encrypt email messages without a digital ID.

    Regards,

    Perry





    • Edited by Perry-Pan Wednesday, February 21, 2018 7:54 AM
    Wednesday, February 21, 2018 7:29 AM
  • Hi Perry

    As I mentioned in my original post, encrypted emails to other colleagues is working fine.

    I am aware that we need to share our digital IDs and that these IDs are necessary for sending encrypted emails. We have both sent each other signed emails which is how we shared the IDs. This sending of signed emails is how I’ve always shared the certs needed for encryption and the signature my colleague sends me is valid:



    Although as I stated there is a difference in the "Signed By" email and the from email, which I think is part of the issue:



    I'm trying to associate my colleague's Certificate to his Outlook Contact but there is some bug that is preventing me from successfully doing that. If I try to right click on my colleague's email in the from box of a signed email he sent me and choose the "Add to Outlook Contacts" option I'm given the following warning:



    So I click 'Yes'.  Then either nothing happens or Outlook crashes.  But either way the new contact is not created.



    So as I mentioned before I then manually create a new Outlook contact for this person using the "my.colleague@navy.mil" email address (this is the email address in the Signed By field).  When creating this user I go to the "Certificates" section and choose "Import" and navigate to my colleague's cert that I had previously exported:



    When I do this the cert shows up for this Outlook contact so I try and send an encrypted email to that contact and it fails:


    I validated that the cert is ok and is valid but still no luck.
    Wednesday, February 21, 2018 3:25 PM
  • Hi,

    Thank you so much for your detailed information.

    According to my research, if the email address of the contact or recipient is different from the email address that is specified in the recipient's certificate, you will receive the error messages. And Outlook may not allow you to directly add it to Contacts as the email address is not the same.

    From the screenshot, the certificate <my.colleague@navy.mil> is associated with my.colleague.ctr@navy.mil.

    Have you tried directly importing it to this contact < my.colleague.ctr@navy.mil > and then sending the encrypted messages to check the result?

    You could also refer to the information under More Information section in the following article and change the registry key to check whether it’s helpful to you.

    How to turn off e-mail matching for certificates in Outlook

    Regards,

    Perry



    • Marked as answer by David_Harris56 Friday, February 23, 2018 3:40 PM
    Friday, February 23, 2018 9:20 AM
    What do you mean by "directly importing it to this contact < my.colleague.ctr@navy.mil >"? If by 'importing' you mean right clicking on my colleague's email in the from box of a signed email he sent me and choosing the "Add to Outlook Contacts" option, that didn't work; the contact wasn't created (and sometimes Outlook crashed).  If you mean something else I'm not sure.

    Thanks

    Friday, February 23, 2018 2:54 PM
  • I followed the instructions in the How to turn off e-mail matching for certificates in Outlook link and after doing that I was able to add my colleague by right clicking on my colleague's email in the from box of a signed email he sent me and choosing the "Add to Outlook Contacts" option.  With the suppress name checks option set the contact was created and the certificate was automatically assigned.  That seems to have done the trick because I was also able to send an encrypted email to him!

    Thanks for the help!

    • Marked as answer by David_Harris56 Friday, February 23, 2018 3:40 PM
    Friday, February 23, 2018 3:40 PM
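
The comparison between a contact's address and the address inside the certificate, which this thread keeps returning to, can be checked outside Outlook. The following PowerShell is an added example, not part of any post in the thread and not Outlook's own matching logic; it needs PowerShell 7, or Windows PowerShell 5.1 on .NET Framework 4.7.2 or later. Assumptions: `Test-SmimeRecipientCert` is a hypothetical helper name, the certificate is constructed in memory, and the validity and key-usage checks are general S/MIME checks rather than anything stated in the thread.

```powershell
# Added example. To check a real certificate, load the exported file instead of
# building one, for example (hypothetical path):
#   $cert = [X509Certificate2]::new('C:\path\to\colleague.cer')
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

function Test-SmimeRecipientCert {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$ContactAddress
    )
    # E-mail name taken from the SAN rfc822Name, or from the subject's E= attribute
    $certEmail = $Certificate.GetNameInfo([X509NameType]::EmailName, $false)
    $ku  = $Certificate.Extensions |
        Where-Object { $_ -is [X509KeyUsageExtension] } | Select-Object -First 1
    $now = Get-Date
    [pscustomobject]@{
        ContactAddress   = $ContactAddress
        CertificateEmail = $certEmail
        AddressMatches   = ($certEmail -eq $ContactAddress)   # -eq ignores case
        WithinValidity   = ($now -ge $Certificate.NotBefore -and $now -le $Certificate.NotAfter)
        # No key-usage extension means unrestricted; otherwise RSA encryption
        # to this certificate needs the KeyEncipherment bit.
        AllowsKeyEncipherment = (-not $ku) -or
            (($ku.KeyUsages -band [X509KeyUsageFlags]::KeyEncipherment) -ne 0)
    }
}

# Constructed sample: a self-signed certificate whose only e-mail name is the
# address without ".ctr", mirroring the situation described in the thread.
$rsa = [RSA]::Create(2048)
$req = [CertificateRequest]::new('CN=Constructed Sample', $rsa,
    [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$san = [SubjectAlternativeNameBuilder]::new()
$san.AddEmailAddress('my.colleague@navy.mil')
$req.CertificateExtensions.Add($san.Build())
$req.CertificateExtensions.Add(
    [X509KeyUsageExtension]::new([X509KeyUsageFlags]::KeyEncipherment, $true))
$cert = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(30))

# Compare the certificate against both addresses mentioned in the thread
'my.colleague@navy.mil', 'my.colleague.ctr@navy.mil' |
    ForEach-Object { Test-SmimeRecipientCert -Certificate $cert -ContactAddress $_ } |
    Format-Table -AutoSize
```

A row with AddressMatches set to False is the mismatch that triggers the "not found in the contact's email list" dialog quoted in the question.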