none
Outlook will not encrypt email after installing new certificate RRS feed

  • Question

  • Hi,

    I have seen a few questions similar to this but nothing identical so I am asking for some further help on this issue.  I use Outlook 2013 with S/MIME for signing and encrypting emails.  This has been working perfectly for the last year but a few days ago my certificate expired and I replaced it with a new one from Comodo.

    A couple of my colleuges had their Comodo certificates expire at the same time as mine and have also renewed theirs.  We have all exchanged public keys again so that everyone is up to date and in most cases this has worked as expected.  However, when I try to send and encrypted email to 1 of my contacts I get the error that "Outlook had problems encrypting this message because the following recipients had missing or invalid certificates, or conflicting to unsupported encryption capabilities"

    I can send to this contact without encrypting the message.  I have confirmed that the certificate included in his contact entry is correct and up to date. Just to confuse the issue I can reply to an email he has sent me and I can encrypt the reply, but I cannot encrypt a new message.

    I have checked my various address books to ensure that there isn't a conflicting entry in the "Suggested Contacts" and as far as I can tell there isn't.

    Does anyone have any ideas?

    Thanks.

    Thursday, October 30, 2014 7:58 AM

Answers

  • Hello Mudplugger,

    An easy way to test:

    You and the contact each copy and remove your corresponding contacts. Then you each send each other a digitally signed message, which enables you to add the other person's certificate to your Contacts.

    Does this work for you?

    • Marked as answer by Mudplugger Friday, October 31, 2014 3:11 PM
    Friday, October 31, 2014 12:09 PM

All replies

  • Hi,

    Not sure if you've already seen this article or not: http://support.microsoft.com/kb/884738

    Generally, this problem should be troubleshooted on the recipient's side. He/she should republish the correct certificate to the global address list:

    For Outlook 2013, Go to FILE>Options>Trust Center>Trust Center Settings...>E-mail Security, then click Publish to GAL...

    Regards,

    Ethan Hua
    TechNet Community Support


    It's recommended to download and install Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office programs.

    Friday, October 31, 2014 9:42 AM
    Moderator
  • Hello Mudplugger,

    An easy way to test:

    You and the contact each copy and remove your corresponding contacts. Then you each send each other a digitally signed message, which enables you to add the other person's certificate to your Contacts.

    Does this work for you?

    • Marked as answer by Mudplugger Friday, October 31, 2014 3:11 PM
    Friday, October 31, 2014 12:09 PM
  • @Ethan,  thanks for the suggestion but we are not working within an exchange environment just POP/IMAP so the Publish to GSL option is not available.

    @George, That worked on my end, just waiting for my colleague to try and see if it fixes his Outlook.  I wonder if this is related to the missing "Update Contact" option in Outlook 2013?

    thanks to all for the help.

    Friday, October 31, 2014 3:11 PM
  • This works in small group situation, but is a ridiculous work around with more users in the loop!
    Wednesday, January 31, 2018 4:28 PM
  • This only works for those using Exchange.

    For stand alone users of Outlook -- no go.

    Wednesday, January 31, 2018 4:29 PM