Cannot view encrypted message in Sent Items folder

 

Problem description

This issue is related to the issue discussed in "Cannot decrypt message in Outlook Web Access with the S/MIME control when the recipient's digital certificate is missing from the local system." Although it is the sender who is attempting to view the message, from the standpoint of encryption the sender is also a recipient in this instance. When the message is sent, the e-mail client attempts to encrypt a copy of the e-mail message using the public key of the sender's encryption certificate from Active Directory® or the Contacts folder, just as it does for all other recipients.

When the sender attempts to view the message in the Sent Items folder, the e-mail client must access the private key for the sender's encryption certificate on the local computer or smart card to decrypt and display the message. If the private key of the sender's encryption certificate is not present, the sender cannot decrypt and view the message. This behavior is identical to that for any recipient.

If the e-mail client was unable to obtain the public key of the sender's encryption certificate from Active Directory or the Contacts folder when the message was sent, the e-mail client alerts the sender that the message cannot be encrypted for all recipients. The sender then has the option to send the message unencrypted, or to encrypt the message knowing that not all recipients will be able to decrypt the message. In this instance, if the sender chooses to encrypt the message, the sender will not be able to view the message in the Sent Items folder.

Resolution

If the e-mail client was able to access the public key of the sender's encryption certificate in Active Directory or the Contacts folder when the message was sent, this issue can be resolved by making the private key of the sender's encryption certificate available on the computer on which the sender is attempting to view the sent item. For more information, see "Cannot decrypt message in Outlook Web Access with the S/MIME control when the recipient's digital certificate is missing from the local system."

If the e-mail client could not access the public key of the sender's encryption certificate in Active Directory or the Contacts folder when the message was sent, and the sender chose to encrypt the message, the sender cannot view the message. Because the message was not encrypted using the sender's encryption certificate, from the standpoint of S/MIME, the sender is not an authorized recipient and should not be able to view the encrypted sent item. You can prevent future occurrences by ensuring that the e-mail client can access the sender's encryption certificate in Active Directory or the Contacts folder.
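
To tell which of the two cases above applies, the following added example (not part of the original article) lists the certificates an encrypted message was enveloped for and reports whether the current user's Personal store holds a matching private key. The function name `Get-SmimeRecipientKeyStatus` is hypothetical. The example assumes Windows PowerShell 5.1 and that the encrypted body of the sent item has been saved to disk as a binary (DER) `smime.p7m` file.

```powershell
# Added example, not from the original article.
Add-Type -AssemblyName System.Security   # provides EnvelopedCms

function Get-SmimeRecipientKeyStatus {   # hypothetical helper name
    param(
        # Assumption: DER-encoded S/MIME envelope saved from the sent item.
        [Parameter(Mandatory)] [string] $Path
    )

    $bytes = [System.IO.File]::ReadAllBytes((Resolve-Path $Path).ProviderPath)
    $cms   = New-Object System.Security.Cryptography.Pkcs.EnvelopedCms
    $cms.Decode($bytes)   # parses the envelope only; no private key is needed

    # Certificates in the user's Personal store that have a private key.
    $mine = @(Get-ChildItem Cert:\CurrentUser\My | Where-Object HasPrivateKey)

    foreach ($ri in $cms.RecipientInfos) {
        $id = $ri.RecipientIdentifier
        if ($id.Type -eq 'IssuerAndSerialNumber') {
            $label = '{0} / serial {1}' -f $id.Value.IssuerName, $id.Value.SerialNumber
            $match = $mine | Where-Object {
                $_.SerialNumber -eq $id.Value.SerialNumber -and
                $_.Issuer       -eq $id.Value.IssuerName
            }
        }
        else {
            # SubjectKeyIdentifier form: compare with extension 2.5.29.14.
            $label = 'SKI {0}' -f $id.Value
            $match = $mine | Where-Object {
                $ski = $_.Extensions['2.5.29.14']
                $ski -and $ski.SubjectKeyIdentifier -eq $id.Value
            }
        }

        [pscustomobject]@{
            EncryptedFor       = $label
            LocalPrivateKey    = [bool]$match
            MatchingThumbprint = ($match | Select-Object -First 1).Thumbprint
        }
    }
}

# Usage (path is a placeholder):
# Get-SmimeRecipientKeyStatus -Path .\smime.p7m | Format-List
```

If the sender's published encryption certificate appears under `EncryptedFor` but `LocalPrivateKey` is `False`, the private key is missing from this computer (the first case). If the sender's certificate does not appear at all, the message was not encrypted for the sender (the second case).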