Security Certificate Not Visible in MMC

  • Question

  • OS:  Windows 7

    I posted this question previously in the Windows 7 forum and was told that I should have posted it in the Office forum.  I don't think the problem has anything to do with Office.  I am posting it here in the hopes that people who follow a security forum will understand how Windows handles security certificates.

    We have a user who just moved to a different computer.  He used email encryption on his old machine, so we wanted to export the certificate from the old machine to the new machine.  The problem is, we can't find the certificate on the old machine.

    I had the employee log on to the old machine and then I opened MMC, added the Certificates snap-in, and attempted to drill down to Certificates - Current User > Personal > Certificates, but the Certificates folder does not exist.  That made me question if email encryption was even working on the old machine, so I tested it, and it does work on that machine.  This leads me to believe that there is a valid email encryption certificate installed on the machine, but that it is not visible in MMC for some reason.

    What would prevent me from seeing a certificate in MMC?  Is there a way to reveal the certificate and get it exported so that I can import it to the new machine?

    Thanks in advance for any help that you can offer!

    --Tom

    Thursday, May 4, 2017 8:34 PM

All replies

  • Hi,

    As far as I know, Outlook uses an S/MIME certificate for email encryption, and it is a user certificate. Please make sure you open the certificate console in MMC with a user account.


    Best Regards
    Cartman

    Friday, May 5, 2017 5:00 AM
    Moderator
  • Thanks for the reply!

    Yes, it is a user certificate.  I had the user log on to the machine and then opened up the user certificates in MMC.  Sorry, I should have made it clear in my original post that I was looking at the user certificates.

    Another bit of information is that if I go into Outlook, go to the Trust Center, then Email Security, and go to choose the encryption certificate, I do see the certificate listed there.  So, clearly the certificate is on the machine and being used by Outlook.  I just can't figure out why it is not visible as a user certificate in MMC, or how to get it exported.

    However, I just realized something that might help.  If you are in Outlook and go to choose the encryption certificate, you can click a link to view the certificate details, and in that dialog box there is an Install Certificate button.  Obviously, the certificate is already installed, but maybe if I install it again it will become visible in MMC.  I will give that a try next week and will report back the results.

    --Tom

    Friday, May 5, 2017 7:58 PM
  • Just found out that the user is out of the office all week.  I will check in with him next week and try my idea.  I will post the results.

    --Tom

    Monday, May 8, 2017 7:48 PM
  • Odd that it's not in MMC.

    From the Trust Center in Outlook, are you able to just select Import/Export under the "Digital IDs (Certificates)" section (directly below where you were) and export to a .pfx?



    Georg Thomas | CISSP, CISM, CEH, GIAC, MCSE (Security), MVP Twitter @georgathomas This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    • Marked as answer by thomasm516 Monday, May 15, 2017 5:54 PM
    Tuesday, May 9, 2017 7:35 AM
  • Georg,

    Thanks for the reply.  My apologies for not responding sooner.  The user was out of the office all last week and so I was not checking this thread.

    I have not tried exporting as you suggest.  I will certainly give that a try and will post back the results.

    --Tom

    Monday, May 15, 2017 4:55 PM
  • Okay, I just talked to the user and I was able to export the certificate from the old machine using the Import/Export button in Outlook, as Georg suggested.  I have imported it to his new machine and he can now open old encrypted emails.

    Georg, thanks for the suggestion.  I had noticed that button before, but never exported certificates that way.  Guess I just didn't see the forest through the trees on that one.

    Interestingly, my idea of opening the certificate in Outlook and re-installing it also worked to make it visible in MMC.  Weird.  Never seen that behavior before.

    --Tom

    Monday, May 15, 2017 5:48 PM
  • If you are in Outlook and go to choose the encryption certificate, you can click a link to view the certificate details, and in that dialog box there is an Install Certificate button.  Obviously, the certificate is already installed, but maybe if I install it again it will become visible in MMC.

    --Tom

    It worked!  I went into Outlook, went into the Trust Center > Email Security, went in to choose the certificate, and clicked the link to open the certificate.  From there, I clicked the button to install the certificate.  After re-installing it, I was able to see the certificate in MMC.  I was then able to export the certificate.

    Georg's idea also worked and is a bit more efficient, but it's nice to know both tricks.

    --Tom

    • Marked as answer by thomasm516 Monday, May 15, 2017 5:54 PM
    • Unmarked as answer by thomasm516 Monday, May 15, 2017 5:55 PM
    • Marked as answer by thomasm516 Monday, May 15, 2017 5:55 PM
    Monday, May 15, 2017 5:53 PM
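
A command-line cross-check for the situation in this thread, as an added example that is not part of any post above: it lists what is in the logged-on user's Personal store (the store the MMC path in the question points at), flags which entries are usable for Secure Email and hold a private key, and exports one to a password-protected PFX through .NET. The function names `Get-SmimeCandidate` and `Export-SmimePfx` and the output path are hypothetical, and it assumes the session runs as the affected user.

```powershell
# Added example. Function names are hypothetical; run as the affected user.
$SecureEmailOid = '1.3.6.1.5.5.7.3.4'   # Secure Email enhanced key usage

function Get-SmimeCandidate {
    # Cert:\CurrentUser\My is the store MMC shows as
    # Certificates - Current User > Personal > Certificates.
    Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
        $cert = $_
        $ekus = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })
        # A certificate with no EKU extension is not restricted to any purpose.
        if ($ekus.Count -eq 0 -or $ekus -contains $SecureEmailOid) {
            New-Object PSObject -Property @{
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey
            }
        }
    }
}

function Export-SmimePfx {
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        [Parameter(Mandatory = $true)][string]$Path   # full path; .NET ignores the PowerShell location
    )
    $cert = Get-Item -Path "Cert:\CurrentUser\My\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key here; a PFX of it could not decrypt old mail."
    }
    $password = Read-Host -Prompt 'Password to protect the PFX' -AsSecureString
    try {
        $pfx = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
        [System.IO.File]::WriteAllBytes($Path, $cert.Export($pfx, $password))
    } catch {
        throw "Export failed (the key may be marked non-exportable): $($_.Exception.Message)"
    }
}

Get-SmimeCandidate | Format-Table Subject, Thumbprint, NotAfter, HasPrivateKey -AutoSize
# Export-SmimePfx -Thumbprint '<thumbprint from the table>' -Path 'C:\Temp\smime.pfx'   # constructed path
```

The resulting PFX contains the user's private key, so move it over a trusted channel and delete the file once it has been imported on the new machine.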