SMIME for email security: Error- Microsoft outlook cannot sign or encrypt this message because the certificate is not valid

  • Question

  • I have an issue trying to encrypt an email message and send it to someone. The error which I'm facing is "Microsoft outlook cannot sign or encrypt this message because the certificate is not valid". I've never used this SMIME feature of Outlook. I referred to a few articles and blogs but couldn't get any clue. I've managed to get a user certificate for myself from Comodo, which is for free use. Please let me know how to understand and use this feature, as I'm new to it. Does the server have to do anything in this process related to SMIME settings?

    Friday, June 7, 2013 12:27 PM

Answers

  • If you are doing digital signing in Outlook or in OWA, the server does not have anything to do with it. The most important thing is that you first check which certificate your Outlook is using (File->Options->Trust Center->Settings->Email security). Also, you should make sure that the email address in the certificate is equal to the email address that you use in Outlook. The certificate should have digital signature listed as a purpose, should have a valid date, and must be able to connect to at least one CRL point.

    Do some of these checks, and post your results here.


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Damir

    • Proposed as answer by damirdMVP Saturday, June 8, 2013 8:16 PM
    • Marked as answer by Zi Feng Tuesday, June 18, 2013 2:16 AM
    Saturday, June 8, 2013 8:16 PM
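
The checks listed in the answer above (certificate e-mail address, digital signature purpose, validity dates, reachable CRL) can be run from PowerShell. This is an added example, not part of the original thread; `$Mailbox` is a placeholder to replace with your own address, and the script assumes the certificate is installed in the current user's Personal store.

```powershell
# Added example: report the four checks for every certificate in the
# current user's Personal store. $Mailbox is a placeholder address.
$Mailbox = 'user@example.com'
$now     = Get-Date

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # 1. E-mail address carried by the certificate (subject or SAN).
    $email = $cert.GetNameInfo('EmailName', $false)

    # 2. Key usage extension (OID 2.5.29.15) must list DigitalSignature.
    $ku = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.15' }
    $canSign = [bool]$ku -and $ku.KeyUsages.HasFlag(
        [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]::DigitalSignature)

    # 3. Validity period.
    $dateOk = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

    # 4. CRL distribution points (OID 2.5.29.31) as published in the certificate.
    $cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    $cdpText = if ($cdp) { $cdp.Format($false) } else { '(none in certificate)' }

    # Build the chain with online revocation checking, so an unreachable
    # CRL shows up as RevocationStatusUnknown / OfflineRevocation.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    $chainOk = $chain.Build($cert)
    $status  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '

    [pscustomobject]@{
        Subject          = $cert.Subject
        Thumbprint       = $cert.Thumbprint
        CertEmail        = $email
        EmailMatches     = ($email -eq $Mailbox)   # -eq ignores case
        DigitalSignature = $canSign
        DateValid        = $dateOk
        CrlPoints        = $cdpText
        ChainValid       = $chainOk
        ChainStatus      = $(if ($status) { $status } else { 'NoError' })
    }
} | Format-List
```

For a per-URL view of the CRL retrieval, export the certificate to a `.cer` file and run `certutil -verify -urlfetch` against it.
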
  • Hi

    Could you please provide some information such as Exchange Version?

    Also, as damird said, since the server does not have anything to do with it, please try to ask on the Outlook Forum as well and get some help there.

    http://social.technet.microsoft.com/Forums/en-US/outlook/threads

    Cheers


    Zi Feng
    TechNet Community Support


    • Edited by Zi Feng Tuesday, June 11, 2013 5:31 AM
    • Marked as answer by Zi Feng Tuesday, June 18, 2013 2:16 AM
    Tuesday, June 11, 2013 3:42 AM

All replies

  • As per your suggestion, I've cross-verified the email address in the certificate and found that it is equal to my email address. This is a free certificate and I got it from Comodo. Although I've understood to some extent, I still have some doubts in checking the steps that you've suggested. The certificate also has a valid date. Can you please guide me on how to check if it is connecting to the CRL? If possible, can you pls provide some snapshots or a link to a step-by-step process?

    Please provide your valuable suggestions.

    Thanks & Regards,

    Pradeesh


    • Edited by Pradeesh P Monday, June 10, 2013 10:20 AM
    Monday, June 10, 2013 10:19 AM
  • This is a bug in Outlook/Lync/Exchange/AD where the manner the check is performed has a bug, as it looks against the wrong email address from the server.
    Tuesday, January 31, 2017 12:07 PM
  • The server may well be the problem. This is because the address Outlook uses is often cached from a server resource including at times an offline address book or LDAP server list.
    Monday, July 24, 2017 9:23 AM