Cannot verify sender's digital signatures when the sender's intermediate CA digital certificates provide authority information access through LDAP or HTTP and the recipient's Exchange server is behind a firewall

 

Problem description

This issue is similar to the previous issue, in which intermediate digital certificates do not provide authority information access. In this situation, authority information access is provided, but the digital certificates for the intermediate CAs are available only through Lightweight Directory Access Protocol (LDAP) or HTTP, and the recipient's Exchange server is behind a firewall.

By default, when behind a firewall, the Exchange server cannot successfully make LDAP or HTTP connections to the servers specified in the certificates' authority information access. As a consequence, the Exchange server cannot successfully validate the full certificate chain.

If a recipient views a message signed with a certificate whose authority information access points to the intermediate CAs' digital certificates over LDAP or HTTP, and the recipient's Exchange server is behind a firewall and cannot connect through it over that protocol, Outlook Web Access displays the following error message:

The digital ID was issued by an untrusted source.

Resolution

To resolve this issue, do either of the following:

  • Import the digital certificates for the sender's intermediate CAs into the Intermediate Certification Authorities folder in the Local Computer certificate store of the recipient's Exchange server.

  • Install and configure a firewall client for the appropriate protocols on the recipient's Exchange server.

Note

If the recipient's Exchange server is running Windows Server 2003, you do not need to install a separate firewall client. Windows Server 2003 has built-in firewall client capabilities that you can configure using ProxyCFG.exe. For more information about ProxyCFG.exe, see Windows Server 2003 Help.
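
The first resolution option above can be scripted. This is an added example, not part of the original article. It lists the LDAP/HTTP locations named in the signer's authority information access, checks that the file to be imported is a CA certificate for the signer's direct issuer, adds it to the Local Computer Intermediate Certification Authorities store, and rebuilds the chain. Both file paths are placeholders, the script must run elevated on the recipient's Exchange server, and it needs to be repeated for each further intermediate CA in the chain.

```powershell
# Added example. Both paths are placeholders (assumptions), not values from the page.
param(
    [string]$SignerCertPath       = 'C:\certs\sender-signing.cer',
    [string]$IntermediateCertPath = 'C:\certs\sender-intermediate.cer'
)
$x509   = 'System.Security.Cryptography.X509Certificates'
$signer = New-Object "$x509.X509Certificate2" $SignerCertPath
$inter  = New-Object "$x509.X509Certificate2" $IntermediateCertPath

# 1. List the URLs in the signer's AIA extension (OID 1.3.6.1.5.5.7.1.1).
#    These are the LDAP/HTTP endpoints the server would have to reach
#    (the extension can also carry OCSP responder URLs).
$aia = $signer.Extensions | Where-Object { $_.Oid.Value -eq '1.3.6.1.5.5.7.1.1' }
if ($aia) {
    [regex]::Matches($aia.Format($true), '(?i)(ldap|https?)://\S+') |
        ForEach-Object { "AIA URL: $($_.Value)" }
} else { 'Signer certificate has no AIA extension.' }

# 2. Refuse to import anything that is not a CA certificate whose subject is
#    the signer's issuer (exact match on the encoded distinguished name).
$bc = $inter.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.19' }
if (-not $bc -or -not $bc.CertificateAuthority) { throw 'Not a CA certificate.' }
$issuerDn  = [Convert]::ToBase64String($signer.IssuerName.RawData)
$subjectDn = [Convert]::ToBase64String($inter.SubjectName.RawData)
if ($issuerDn -ne $subjectDn) { throw "Subject does not match the signer's issuer." }
# Compare this thumbprint with the one published by the sender's CA before trusting it.
"Importing $($inter.Subject), thumbprint $($inter.Thumbprint)"

# 3. Add it to Local Computer\Intermediate Certification Authorities.
$name  = [System.Security.Cryptography.X509Certificates.StoreName]::CertificateAuthority
$loc   = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
$store = New-Object "$x509.X509Store" -ArgumentList $name, $loc
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
try { $store.Add($inter) } finally { $store.Close() }

# 4. Rebuild the chain in machine context. Revocation checking is switched off
#    here only so the result reflects chain construction, not CRL reachability.
$chain = New-Object "$x509.X509Chain" -ArgumentList $true
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$ok = $chain.Build($signer)
$chain.ChainElements | ForEach-Object { "  chain: $($_.Certificate.Subject)" }
if (-not $ok) { $chain.ChainStatus | ForEach-Object { "  status: $($_.Status)" } }
```

A chain that now ends at a trusted root shows the intermediate was taken from the local store; a remaining `PartialChain` status means another intermediate CA certificate is still missing.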