From: azlan on
Hi,
I got an error message "MS Office Outlook cannot sign or encrypt this
message because your certificate is not valid" when I try to encrypt email
using the recipient's certificate. I have already saved the recipient contact and
later imported her certificate into her contact. In the message options, under
security settings, I checked the "encrypt ...." message box. Can you help me?

Thanks
From: VanguardLH on
"azlan" wrote in message
news:9ED5EEE1-F329-46A9-B7EC-E90020E9FA28(a)microsoft.com...
> I got an error message "MS Office Outlook cannot sign or encrypt this
> message because your certificate is not valid" when I try to encrypt email
> using the recipient's certificate. I have already saved the recipient contact and
> later imported her certificate into her contact. In the message options, under
> security settings, I checked the "encrypt ...." message box. Can you help me?


The recipient's e-mail certificate expired. They'll have to get a new
one. Or maybe it has been revoked (by the cert owner or by the cert
issuer). They'll have to get a new one. Or maybe it was corrupted
and that's what you saved so you'll have to get the recipient to send
you another signed e-mail with their current cert, save it, and try
that one.

From: azlan on
Dear VanguardLH,
For your information, the sender's mail was not signed. Instead, I got her
certificate as an attachment in her email. Then I tried to change the security
setting configuration from automatic to custom. In "select certificate to
encrypt", however, I couldn't find the sender's certificate. Please help me as I
want to send confidential data. Thanks.

"VanguardLH" wrote:

> "azlan" wrote in message
> news:9ED5EEE1-F329-46A9-B7EC-E90020E9FA28(a)microsoft.com...
> > I got an error message "MS Office Outlook cannot sign or encrypt this
> > message because your certificate is not valid" when I try to encrypt email
> > using the recipient's certificate. I have already saved the recipient contact and
> > later imported her certificate into her contact. In the message options, under
> > security settings, I checked the "encrypt ...." message box. Can you help me?
>
> The recipient's e-mail certificate expired. They'll have to get a new
> one. Or maybe it has been revoked (by the cert owner or by the cert
> issuer). They'll have to get a new one. Or maybe it was corrupted
> and that's what you saved so you'll have to get the recipient to send
> you another signed e-mail with their current cert, save it, and try
> that one.

From: VanguardLH on
"azlan" <azlan(a)discussions.microsoft.com> wrote in message
news:D082D410-C893-4CB4-8366-A6052B499215(a)microsoft.com...
> Dear VanguardLH,
> For your information, the sender's mail was not signed. Instead, I got her
> certificate as an attachment in her email. Then I tried to change the security
> setting configuration from automatic to custom. In "select certificate to
> encrypt", however, I couldn't find the sender's certificate. Please help me as I
> want to send confidential data. Thanks.


I've never sent anyone a cert as an attachment. Sounds like you got
the entire cert, tried to install it, and would end up using the
recipient's private key instead of their public key; however, the
recipient would be using their private key to decrypt yet it expects
the public key half to have been used to do the encryption. Have the
user send you a digitally signed e-mail, save that contact to your
address book (Contacts), and then use that contact record when you
want to specify the recipient to whom you want to send encrypted
e-mail.

You installing her cert means you do not have the e-mail address in
that cert that the recipient used to register that cert. That means
the e-mail in the recipient's cert will not match up with any of the
e-mail accounts that you have defined in Outlook. You need to use the
e-mail account that matches its e-mail address with the one recorded
inside the cert. You cannot install the recipient's cert. You
install your own (for someone else to use its public key). When you
configure S/MIME in the Security tab, you associate the cert
containing your e-mail address with the account that uses that e-mail
address. Your e-mail address is not the recipient's e-mail address.
You need their public key, not their private key. They need to use
their private key to decrypt what you encrypted using their public
key. I'm not sure their e-mail address is even associated (i.e.,
required) in the public key since only that recipient can decrypt with
their private key (i.e., only the recipient should have their private
key). That they gave you their entire cert means they should revoke
that cert and create a new one and only give you the public key to it
by sending you a digitally signed e-mail.

I've pretty much followed the instructions given for how to install my
own e-mail cert and how to disperse the public key to others who would
then use it to send me back their encrypted e-mails. For going
outside the box in procedure, maybe you'll want to ask in a security
newsgroup.


http://en.wikipedia.org/wiki/Public_key_infrastructure
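
Added example, not part of the thread: a PowerShell check of a received certificate file against the causes raised in the replies above (expiry, revocation, an e-mail address that does not match, a file that carries a private key). The function name, the file path and the address in the usage comment are assumptions.

```powershell
using namespace System.Security.Cryptography.X509Certificates

function Test-SmimeRecipientCert {
    param(
        [Parameter(Mandatory)] [string] $Path,          # certificate file received from the contact
        [Parameter(Mandatory)] [string] $ExpectedEmail  # address you intend to encrypt to
    )
    $full = (Resolve-Path -LiteralPath $Path).ProviderPath

    # A PKCS#12 (.pfx/.p12) file normally bundles the private key. A recipient should
    # hand out only the public certificate (.cer) or a digitally signed e-mail.
    $type = [X509Certificate2]::GetCertContentType($full)
    if ($type -eq [X509ContentType]::Pfx) {
        return [pscustomobject]@{ File = $full; ContentType = $type
            Verdict = 'PKCS#12 file: may contain a private key, do not use it as a recipient cert' }
    }

    $cert = [X509Certificate2]::new($full)
    $now  = Get-Date

    # Address recorded in the certificate (subjectAltName rfc822Name or subject E=).
    $email = $cert.GetNameInfo([X509NameType]::EmailName, $false)

    # Key usage: no extension means unrestricted; otherwise encryption needs
    # keyEncipherment (RSA) or keyAgreement (ECDH).
    $ku = $cert.Extensions['2.5.29.15']
    $canEncrypt = (-not $ku) -or
        $ku.KeyUsages.HasFlag([X509KeyUsageFlags]::KeyEncipherment) -or
        $ku.KeyUsages.HasFlag([X509KeyUsageFlags]::KeyAgreement)

    # Extended key usage: if present, it must allow Secure Email or any purpose.
    $eku  = $cert.Extensions['2.5.29.37']
    $oids = if ($eku) { $eku.EnhancedKeyUsages | ForEach-Object Value }
    $emailEku = (-not $eku) -or ($oids -contains '1.3.6.1.5.5.7.3.4') -or ($oids -contains '2.5.29.37.0')

    # Build the chain with online revocation checking (CRL/OCSP).
    $chain = [X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::Online
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Subject      = $cert.Subject
        InValidity   = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        NotAfter     = $cert.NotAfter
        EmailInCert  = $email
        EmailMatches = [string]::Equals($email, $ExpectedEmail, [StringComparison]::OrdinalIgnoreCase)
        CanEncrypt   = $canEncrypt -and $emailEku
        ChainValid   = $chainOk
        ChainStatus  = ($chain.ChainStatus | ForEach-Object Status) -join ', '
    }
}
# Usage (placeholder values): Test-SmimeRecipientCert -Path .\recipient.cer -ExpectedEmail 'recipient@example.com'
```

A `ChainStatus` of `Revoked` or `NotTimeValid` corresponds to the revoked and expired cases; `UntrustedRoot` means the issuing CA is not in the local trust store.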