Re: Error using E-mail encryption

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

"Nick" <Nick@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:6D00BD1B-8742-42FA-9674-4B61DE637165@xxxxxxxxxxxxxxxx

I have installed an encryption certificate on two computers and have them
trusting eachothers certificates, but on one of the computers it can send
encrypted emails but when I try to open an encrypted email I get the error
message "Your Digital ID name can not be found by the underlying security
system" Does anybody know how to fix this error

I've managed a Private Key Infrastructure where I work and I've seen this happen most in two cases. The first is when the sender has an older version of the recipient's public key and the recipient has deleted the expired cert. The sender can encrypt the message but the recipient can't decrypt it because there's no private key anymore. The other case is that the recipient's cert is damaged and the rpivate key is no longer available. You can test for this case easily enough. Click Start>Run, enter "certmgr.msc" in the Open field and click OK. When the certificate manager opens, expand "Personal" and select "Certificates". Select the certificate in the right-hand pane and click Action>All Tasks>Export. When the Certificate Export Wizard opens, click Next. You should see a dialogue containing two radio buttons, one labeled "Yes, export the private key" and the other labeled "No, do not export the private key". If the "Yes" button is grayed out and unselectable, the private key is damaged and the cert will need to be reissued or the PKI's "private key recovery" function used.
--
Brian Tillman [MVP-Outlook]

.

Relevant Pages

  • Re: Error using E-mail encryption
    ... but the error still shows up when we try to open encrypted emails. ... I've managed a Private Key Infrastructure where I work and I've seen this ... When the certificate manager opens, ... When the Certificate Export Wizard opens, ...
    (microsoft.public.outlook)
  • Re: Encrypted emails
    ... they are still having problems with opening Encrypted emails. ... I don't think it's a good idea to delete older certs. ... Have the person expand "Personal" and select "Certificates", then select the certificate with the public key with which the message was supposedly encrypted. ... You should see two radio buttons, one labeled "Yes, export the private key" and the other labeled "No, do not export the private key". ...
    (microsoft.public.outlook.general)
  • Re: Encrypted emails
    ... It looks like they do have damaged certs in the cert store. ... they are still having problems with opening Encrypted emails. ... "Certificates", then select the certificate with the public key with which the ... That should display an "Export Private Key" dialogue. ...
    (microsoft.public.outlook.general)
  • Re: Unable to use third-party cert after Exch Sp2 update on SBS200
    ... Every *server* certificate in IIS has to ... The public key is sent when a request from a browser ... The public key is used to *decrypt* data. ... The private key is used ...
    (microsoft.public.windows.server.sbs)
  • RE: SIMple SSL question ??
    ... I believe your book is instructing you to keep the private key secure. ... you use the certificate request wizard in IIS to install the cert after it's ... the certificate that's just been installed. ... If an attacker retrievs the SSL certificate, ...
    (microsoft.public.dotnet.security)