OWA - No digital ID for signing has been found

  • Question

  • When trying to send a signed or encrypted email in OWA I get the following error:

    No digital ID for signing has been found. If you have a smart card-based digital ID, insert the card and try to send the message again. You can also try sending the message without a digital signature.

    If your digital ID is not trusted by the Exchange server, you cannot use it to sign messages. For more information, contact technical support for your organization.

     

    Environment:

    - Exchange 2007 on Windows 2003 Server 64 bit

    - client computer has windows xp sp3 + IE 8

    - exchange server uses a self-signed certificate. I also added the certificate to the Trusted CA (on the server AND on the client computer)

     

    Things we checked/tried

    - user certificate is installed on the client machine. The user can send signed message with Office Outlook 2003/2007 on the same machine

    - we tried adding the user certificate on the server Trusted CA (although I don't think it should work like this). Didn't work

    - we enabled on IIS->Default Site->Digital Certificate Options, "accept client certificate". Didn't work

    - we also tried mapping on IIS the user certificate with the user account; no luck!

    - searched the whole week on the internet for a solution, nothing so far :(

     

    Any ideas on how we can debug this is greatly appreciated!

    Thanks 

     

    Friday, November 19, 2010 4:00 PM

All replies

  • Could at least someone tell me if they got S/MIME working with OWA 2007 and what were the main steps involved?

     

    Thank you!

    Sunday, November 21, 2010 10:12 AM
  • Secure Messaging with S/MIME and OWA on Exchange Server 2007 SP1

    http://msexchangeteam.com/archive/2007/08/20/446760.aspx

    How to Manage S/MIME for Outlook Web Access
    Hope this helps!!!

    -- Saakar
    • Proposed as answer by SR_ Monday, November 22, 2010 2:20 PM
    • Marked as answer by bftanase Monday, November 22, 2010 2:21 PM
    Sunday, November 21, 2010 3:56 PM
  • Thank you very much for your input.

    As I suspected, we needed to add the root CA of the user to the Trusted CA on the exchange server. For some reason we were adding the wrong certificate...

    Now everything is fine, for now :)
    Monday, November 22, 2010 9:02 AM
  • I'm having the same issue.... Exchange 2007, digital ID from Verisign and using OWA to send message with a digital signature from an XP Service Pack 3 machine running IE 8. I'm new to this, so would you be so kind as to give me some instructions on exactly what you did: "add the root CA of the user to the trusted CA on the exchange server"? Thank you very much in advance!

    Friday, March 4, 2011 2:39 AM
  • Normally Verisign should already exist as a Trusted Root Certificate Authority.

     

    Anyway, here's what I did to get it working. Please note that you will need administrative rights on the Exchange Server.

    1) Save to a file the root CA from your certificate. To do this you must do the following:

    • open your certificate, go to "Certification Path" tab
    • select the top level certificate (should be something with Verisign)
    • click "View Certificate", go to "Details", click "Copy to a file..."

    2) On the Exchange server you need to open the Certificates Add In for Local Computer*:

    • Start->Run, "mmc"
    • File->Add/remove Snap In
    • Click "Add", select "Certificates"
    • Select "Computer Account", next, Local Computer Account

    3) Add the certificate from step 1 to "Trusted Root Certification Authority\Certificates". Right-click "Certificates", All Task->Import

    Hope it helps!

    *These instructions are for Windows 2003 Server

    Monday, March 7, 2011 2:11 PM
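A scripted version of steps 1 to 3 above, as an added example that is not part of the original reply: it builds the user's certificate chain in the machine context of the server, shows which root the chain ends at, and imports the saved root file into the Local Computer trusted root store only when asked to. The two file paths are hypothetical, and revocation checking is switched off here as an assumption so that the output reflects only the trust question discussed in this thread.

```powershell
# Added example, not from the thread. Run from an administrative PowerShell
# session on the server that hosts OWA. Both default paths are hypothetical.
param(
    [string]$UserCertPath = 'C:\temp\user.cer',       # user's exported public certificate
    [string]$RootCertPath = 'C:\temp\user-root.cer',  # root CA file saved in step 1
    [switch]$Import                                   # without it, the script only reports
)
$ns = 'System.Security.Cryptography.X509Certificates'
$userCert = New-Object "$ns.X509Certificate2" $UserCertPath
$rootCert = New-Object "$ns.X509Certificate2" $RootCertPath

# A root CA certificate is self-issued. Anything else (for example the user's
# own certificate) does not belong in the trusted root store.
if ($rootCert.Subject -ne $rootCert.Issuer) {
    throw "Not a root CA certificate (subject differs from issuer): $($rootCert.Subject)"
}

function Get-ChainReport($cert) {
    # $true = machine context, i.e. the Local Computer stores, not the user's.
    $chain = New-Object "$ns.X509Chain" $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # assumption: isolate the trust check
    $trusted = $chain.Build($cert)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    "Chain trusted by this machine: $trusted"
    "Topmost certificate found    : $($top.Subject) [$($top.Thumbprint)]"
    foreach ($s in $chain.ChainStatus) { "  $($s.Status): $($s.StatusInformation.Trim())" }
}

"Root file: $($rootCert.Subject) [$($rootCert.Thumbprint)]"
'--- chain as this server sees it ---'
Get-ChainReport $userCert

# LocalMachine\Root is the store that step 3 fills through the MMC snap-in.
$store = New-Object "$ns.X509Store" 'Root', 'LocalMachine'
if ($Import) { $store.Open('ReadWrite') } else { $store.Open('ReadOnly') }
$found = $store.Certificates.Find('FindByThumbprint', $rootCert.Thumbprint, $false)

if ($found.Count -gt 0) {
    'Root file is already present in LocalMachine\Root.'
} elseif ($Import) {
    $store.Add($rootCert)
    '--- after import ---'
    Get-ChainReport $userCert
} else {
    'Root file is NOT in LocalMachine\Root.'
    'Compare the thumbprint above with the value published by the CA, then re-run with -Import.'
}
$store.Close()
```

If the "Topmost certificate found" line and the "Root file" line show different thumbprints, the saved file is not the root of the user's certificate, which is the "wrong certificate" situation described earlier in the thread.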
  • I followed your instructions but still have the same problem.  We tested the Cert in Outlook 2003 and 2007, works fine.  OWA is where our issue remains.  Do we need to restart IIS Admin service or some other service, possibly?
    Tuesday, December 20, 2011 10:04 PM
  • Hi bftanase

    I have the same problem when sending email with a digital signature, but I would like to ask, regarding your guide above, on which Exchange servers I must import the certificate into the Trusted Root CA? (My Exchange 2010 system is clustered: 2 Hub Transport and Mailbox servers with a virtual DAG IP, and 2 CAS servers with a virtual CAS server.)

    on step 2 you said

    2) On the Exchange server you need to open the Certificates Add In for Local Computer*:

    Start->Run, "mmc"
    File->Add/remove Snap In
    Click "Add", select "Certificates"
    Select "Computer Account", next, Local Computer Account

     On the Exchange server

    Thanks and regards,

    Wednesday, April 11, 2012 11:03 AM
  • I'm sorry Huynhm, but I haven't used Exchange in a cluster environment so far and I'm not sure how it works exactly.

    However, I think the certificate should be installed on the server that hosts the OWA application. The one that responds when you go to http://yourdomain/owa. Just a hunch...

    Wednesday, April 11, 2012 11:24 AM