S/MIME certificates and contacts in Active Directory


  • Recently the requirements of signing/encrypting email with S/MIME came up.
    Rolled out some user certificates and configured the Outlook clients to use them. Internal tests were successful and now we are running tests with external partners and the problems begin to show.

    Mail encryption seems only to work if I create a contact in the Outlook contacts and attach the exported certificates to this contact. This is extensive work, because we are dealing with quite the amount of people on both sides in a soon-to-happen project.

    I thought about binding the certificates to contacts in AD. I found this article, but the certificates I got from our partner are lacking the mentioned "E=mailadress"-value in their subject and the configuration with certutil seems to fail (=> "ERROR_INVALID_PARAMETER")

    Is there a supported way to do this and how is it done correctly?

    Thanks in advance!


    Tuesday, July 4, 2017 9:40 AM

All replies