Exchange
United States (English) Sign in
Home Online 2013 2010 Other Versions Library Forums Gallery EHLO Blog
TechNet Library
Exchange
Exchange Server 2003
Security and Protection
Exchange Server Message Security Guide
Troubleshooting S/MIME in Exchange Server 2003
Cannot view opaque-signed message when using non-S/MIME clients
Cannot decrypt message in Outlook Web Access with the S/MIME control when the recipient's digital certificate is missing from the local system
Cannot view encrypted message in Sent Items folder
Cannot sign message in Outlook Web Access S/MIME when the sender's signing digital certificate is missing from the local system
Cannot send encrypted message in Outlook Web Access S/MIME when the recipient's encryption certificate is missing from Active Directory or the Contacts folder
Cannot verify sender's digital signatures when the sender's root CA digital certificate is not present in the Local Computer certificate store of the recipient's Exchange server
Cannot verify sender's digital signatures when the sender's intermediate CA digital certificates do not provide authority information access and are not present in Local Computer certificate store of recipient's Exchange server
Cannot verify sender's digital signatures when the sender's intermediate CA digital certificates provide authority information access through LDAP or HTTP and the recipient's Exchange server is behind a firewall
Cannot access CRLs when the CRL distribution point specified in digital certificates is accessible only through LDAP or HTTP and the user's Exchange server is behind a firewall
Cannot access CRLs when the user's Exchange server lacks rights to access CRL distribution point
Different certificates used when using Outlook and Outlook Web Access with S/MIME control
Forwarding or replying to a signed message in Outlook Express causes Outlook Express to automatically attempt to sign the message
Expand Minimize
This topic has not yet been rated - Rate this topic

Different certificates used when using Outlook and Outlook Web Access with S/MIME control

 

Topic Last Modified: 2005-05-19

In Active Directory, there are two attributes where the S/MIME digital certificates can be stored: the userCertificate attribute and the userSMIMECertificate attribute. By default, Outlook looks first to the userSMIMECertificate attribute, and uses any viable S/MIME certificate found in that attribute. By default, Outlook Web Access looks first to the userCertificate attribute, and uses any viable S/MIME certificate found in that attribute.

If different digital certificates are stored in the userCertificate and userSMIMECertificate attributes, it is possible for Outlook and Outlook Web Access to use different digital certificates because they each look at different Active Directory attributes.

To resolve this issue, ensure that the same certificates are stored in both the userCertificate and userSMIMECertificate attributes. For more information, see Microsoft Knowledge Base article 822504, "Outlook 2003 Continues to Use Old Certificates After You Migrate from Key Management Server to Public Key Infrastructure."

 
Did you find this helpful?
(1500 characters remaining)

Community Additions

ADD
© 2013 Microsoft. All rights reserved.