Digital Certificate Problem in Outlook 2003

[Adam Baker]

I have installed a digital certificate in Outlook from Thawte on a user's computer. When I tried to send his signature to others, it wouldn't let me. The error "Your digital ID name can not be found by the underlying security system" came up. When I went to Tools>Options>Security and click on Settings, MD5 and RC2-128 bit are selected by default. Every other user uses SHA1 and 3DES, but these options aren't even available for this user. I can't find any info on this problem, and I thought someone here might help.I've got Windows XP Pro and Office Pro 2003.

I've tried reinstalling a new digital certificate and Office was just installed on the computer.

Thank you in advance,

Adam

 

[Brian Tillman]

I have installed a digital certificate in Outlook from Thawte on a
user's computer. When I tried to send his signature to others, it
wouldn't let me. The error "Your digital ID name can not be found by
the underlying security system" came up. When I went to
Tools>Options>Security and click on Settings, MD5 and RC2-128 bit are
selected by default. Every other user uses SHA1 and 3DES, but these
options aren't even available for this user. I can't find any info on
this problem, and I thought someone here might help.I've got Windows
XP Pro and Office Pro 2003.

It appears that the certificate you installed may not be the correct type.
Can you check that?

 

[Adam Baker]

I don't think that is the problem, because of the simple fact that I have done the same exact thing with 10-15 other users. They are all running XP and Office 2003 as well. I was trying to resolve the issue with Microsoft yesterday(horrible experience), and I came to realize something was wrong with the private key. I still haven't found the exact issue, but I kinda worked around it. I went to getacert.com and got a digicert from them, which worked. The only problem is that you have to tell Outlook to trust it before you can save it to contacts. Not a big deal to us, but trying to get un-comp-savvy
people to do it on their own is just not gonna happen.

Thanks for the response, but I think this is an issue that won't get resolved. I've posted a couple of other places....with no responses. Plus I've only found about 3 other 'exact' problems with no responses dating back to '06.

BTW....the private key thing was that it seems there is no private key. When I try to export it from Internet Options>Content the option to export the private key with the cert is greyed out.

 

[Dennis C. Jr., Virginia Beach, VA]

I am seeing something similar to Adam's issue below. My client has a
government issued Common Access Card (CAC) with credentials similar to a PKI
certificate on it. He also has the SmartCard software from ActivIdentity
installed and working on his computer but, within Outlook 2003 the program
refuses to acknowledge the certificate as valid. If the "Sign this messahe"
button is clicked during message composition, a "Change Security settings..."
dialog box opens and we have to opportunity to select "<ActivIdentity>" and
see what appears to be his certificates, however Outlook keeps returning to
the same "Change Security settings..." pop-up.

I have searched the Knowledge Bases at support.microsoft.com and
ActivIdentity and found nothing to explain this behavior so far. I would
like to find some way to have Outlook forget any previous PKI certificates
the user possessed and re-recognize only his SmartCard credentials, but so
far no luck finding that information either.

I realize this issue involves MUCH more than the Microsoft Outlook 2003
product in question, so I'm not holding my breath for any sort of a solution.
Just taking a shot here with some limitd details.

~ Dennis

 

[Brian Tillman]

Dennis C. Jr., Virginia Beach, VA

I have searched the Knowledge Bases at support.microsoft.com and
ActivIdentity and found nothing to explain this behavior so far. I
would like to find some way to have Outlook forget any previous PKI
certificates the user possessed and re-recognize only his SmartCard
credentials, but so far no luck finding that information either.

Have you tried removing everything from the crypto store and re-adding the
ActivIdentity cert? Use the certmgr Microsoft Management Console plug-in.
Start>Run>certmgr.msc

 

[Dennis C. Jr., Virginia Beach, VA]

Dennis C. Jr., Virginia Beach, VA


Have you tried removing everything from the crypto store and re-adding the
ActivIdentity cert? Use the certmgr Microsoft Management Console plug-in.
Start>Run>certmgr.msc

Not yet, but thanks for the idea. I was not entirely sure whether that
would be the ONLY place they needed to be removed from and I did not want to
(potentially) make matters worse by trying something unknown.

Removing and reinstalling both Outlook and ActivIdentity were things I was
considering but I had not attempted them yet either. The user has only had
this laptop for a few days and it seemed rather extreme to begin a "slash and
burn" campaign at this point.

 

[Adam Baker]

I have come across my original problem once again. The EXACT same problem occured when I added a user to a laptop and tried to get a digital certificate for her. This time, though, I logged her off, logged on as myself and set up Outlook with my e-mail address. I had no problem with the digital certificate this time! :? Instead of trying to figure this peculiar problem out, I just set her up on a different laptop with no problems concerning the digital certificate.

Note: Since the first problem, the original user I had a problem with has gotten a new laptop and I had no problems with the digital certificate.

Any thoughts?