Microsoft Outlook cannot sign or encyrpt this message becauase you have no certfificates which can be used to send from your e-mail address.


  • Using outlook 2010 and 2013 preview different machines same error:

    Invalid Certificate

    Microsoft Outlook cannot sign or encyrpt this message becauase you have no certfificates which can be used to send from your e-mail address.

    Installed certificates from two different stores on two different machines when trying to send an encrypted email message the aforementioned error is given.

    Why is this error being given when the certificates were issued to the email addresses the emails are attempting to send from.




    Monday, September 24, 2012 7:07 PM

All replies

  • You can have a look at the following articles: (Office 2007 and 2010) and (Office 2003)

    DeVa, M.S., {MSFT} Please remember to mark the replies as answers if they help

    Tuesday, September 25, 2012 12:58 AM
  • That article is in regards to forward and reply's not to original messages.

    The certificate is installed through IE and Outlook normally respects that so not sure???



    Tuesday, September 25, 2012 1:11 AM
  • Hi,
    Have you specified the digital ID to use?
    Check the following steps:

    Specify the digital ID to use
    You might choose to have more than one digital ID — one for your digital signature, which in many areas can have legal significance, and another for encryption.
    1.Click the File tab.
    2.Click Options.
    3.Click Trust Center.
    4.Under Microsoft Outlook Trust Center, click Trust Center Settings.
    5.On the E-mail Security tab, under Encrypted e-mail, click Settings.
     Note    If you have a digital ID, the settings to use the digital ID are automatically configured for you. If you want to use a different digital ID, follow the remaining steps in this procedure.
    6.Under Security Setting Preferences, click New.
    7.In the Security Settings Name box, enter a name.
    8.In the Cryptography Format list, click S/MIME. Depending on your certificate type, you can choose Exchange Security instead.
    9.Next to the Signing Certificate box, click Choose, and then select a certificate that is valid for digital signing.
    Note    To learn if the certificate is intended for digital signing and encryption, on the Select Certificate dialog box, click View Certificate. An appropriate certificate for cryptographic messaging (such as digital signing) might say, for example, "Protects email messages."
    10.Select the Send these certificates with signed messages check box unless you'll be sending and receiving signed messages only within your organization.
    Note    The settings that you choose become the default when you send cryptographic messages. If you don’t want these settings to be used by default for all cryptographic messages, clear the Default Security Setting for this cryptographic message format check box.

    More information:

    Best regards,

    Rex Zhang

    TechNet Community Support

    Tuesday, September 25, 2012 5:29 AM
  • HI,

    Thank you for the response.  The certificate is for email, it is being used with the proper email address it auto configures S/MIME cant choose goes to SH1 and AES256..

    It is odd that the error persists?



    Tuesday, September 25, 2012 2:48 PM
  • Hi George,

    What messages are you trying to send?

    Signed or Encryped or both?

    1. Go to active directory users and computers and pull up the user properties of the affected user who is seeing this error, look at the published certificate.

    2. Same certificate should be installed in the local store of client machine where you are trying to send this message from. It should be having Private key.

    3. First try sending just signed messages and let me know if it works or not

    Padamdeep Singh

    Tuesday, November 20, 2012 4:21 PM
  • Is there any update on this?

    Padamdeep Singh

    Thursday, November 29, 2012 5:38 PM
  • I am having trouble with the same error message in Outlook 2016 (from Office 365 Home).

    However, using alternative email clients like Thunderbird works fine in signing using the certificate I got from Comodo. I've followed the instructions in adding the certificate to my store with no luck.

    Wednesday, May 24, 2017 4:11 PM
  • same issue here
    Tuesday, June 27, 2017 1:56 PM
  • Hello Padamdeep,

    I have a query regarding the encryption for Outlook emails.

    If a user A has 3 SMIME certificates. Two of them are valid and one of them has expired. The two valid certificates has expiry dates of 1 year and 2 year left.

    Now a user B wants to send an encrypted email to user A. So here which certificate of user A will be used to encrypt the email message which user B wants to send. I am considering both the certificates of user A has been published to Active Directory.

    One more question , can i use the SMIME certificates for webmails ?

    Thanks and Regards,

    Rahul Kumar

    Monday, February 19, 2018 1:12 PM