Could not send out secure email using e-cert

Archived from groups: microsoft.public.win2000.security (More info?)

I just setup a test MS CA enterprise server and can request an e-cert from web. I downloaded my personal e-cert to my computer and configured MS Outlook secure e-mail from Option. I can include my downloaded e-cert to the "Certificates and Algorithms". However, when I send out secure email message using my e-cert, error message pop-up that my email address could not send out secure email. I understand when I requested my e-cert from CA server, the system didn't ask me my email address so that I couldn't use my e-cert for sending email.

My question is how can I include my email address in the e-cert when I request from CA server. I repeated going through the process, I still couldn't find out where I can include my email address in the e-cert

Thanks!
3 answers Last reply
More about could send secure email cert
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Peter,

    since you have Enterprise CA, information for the certificates are generated
    from active directory. If your users have e-mail property set in AD it will
    be added to certificate.

    Also note what is the purpose of the certificate (e.g. Protects e-mail
    messages)

    I hope this helps,

    Mike

    "Peter Li" <Peter Li@discussions.microsoft.com> wrote in message
    news:C9CE3D21-E7B7-4ED5-86CF-83EBF634B376@microsoft.com...
    > I just setup a test MS CA enterprise server and can request an e-cert from
    web. I downloaded my personal e-cert to my computer and configured MS
    Outlook secure e-mail from Option. I can include my downloaded e-cert to
    the "Certificates and Algorithms". However, when I send out secure email
    message using my e-cert, error message pop-up that my email address could
    not send out secure email. I understand when I requested my e-cert from CA
    server, the system didn't ask me my email address so that I couldn't use my
    e-cert for sending email.
    >
    > My question is how can I include my email address in the e-cert when I
    request from CA server. I repeated going through the process, I still
    couldn't find out where I can include my email address in the e-cert
    >
    > Thanks!
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Mike,

    I'm try to setup an e-cert environment for email encryption for our company users to replace PGP. We're required to support not only our domain users but also support different domain users overseas. I want to use CA enterprise to gerenate e-cert/keys for users to communicate with encryption email. I'm not sure whether I should use CA standalone instead of enterprise server in this case.

    In addition, do you mean that when we're using MS Exchange 2003 under AD environment, our users do not have to import key to their Outlook for email encryption (as PGP do)?

    "Miha Pihler" wrote:

    > Hi Peter,
    >
    > since you have Enterprise CA, information for the certificates are generated
    > from active directory. If your users have e-mail property set in AD it will
    > be added to certificate.
    >
    > Also note what is the purpose of the certificate (e.g. Protects e-mail
    > messages)
    >
    > I hope this helps,
    >
    > Mike
    >
    > "Peter Li" <Peter Li@discussions.microsoft.com> wrote in message
    > news:C9CE3D21-E7B7-4ED5-86CF-83EBF634B376@microsoft.com...
    > > I just setup a test MS CA enterprise server and can request an e-cert from
    > web. I downloaded my personal e-cert to my computer and configured MS
    > Outlook secure e-mail from Option. I can include my downloaded e-cert to
    > the "Certificates and Algorithms". However, when I send out secure email
    > message using my e-cert, error message pop-up that my email address could
    > not send out secure email. I understand when I requested my e-cert from CA
    > server, the system didn't ask me my email address so that I couldn't use my
    > e-cert for sending email.
    > >
    > > My question is how can I include my email address in the e-cert when I
    > request from CA server. I repeated going through the process, I still
    > couldn't find out where I can include my email address in the e-cert
    > >
    > > Thanks!
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi Peter,

    You could setup standalone CA server. There you will have an option to
    manually enter users details (e.g. first and last name, e-mail address, ...
    etc). Just have a good CA design or you will end up installing new CA in a
    year or so... :-).

    In you Exchange 2003 environment users don't have to import _public_ keys
    for other users that are in AD. If user is trying to send an e-mail to
    someone in same organization then Outlook will perform the LDAP search in AD
    and try to find published _public_ key of recipient.

    I hope this helps,

    Mike

    "Peter Li" <PeterLi@discussions.microsoft.com> wrote in message
    news:168130A2-CE95-41AF-A742-78D1B82C462A@microsoft.com...
    > Hi Mike,
    >
    > I'm try to setup an e-cert environment for email encryption for our
    company users to replace PGP. We're required to support not only our domain
    users but also support different domain users overseas. I want to use CA
    enterprise to gerenate e-cert/keys for users to communicate with encryption
    email. I'm not sure whether I should use CA standalone instead of
    enterprise server in this case.
    >
    > In addition, do you mean that when we're using MS Exchange 2003 under AD
    environment, our users do not have to import key to their Outlook for email
    encryption (as PGP do)?
    >
    > "Miha Pihler" wrote:
    >
    > > Hi Peter,
    > >
    > > since you have Enterprise CA, information for the certificates are
    generated
    > > from active directory. If your users have e-mail property set in AD it
    will
    > > be added to certificate.
    > >
    > > Also note what is the purpose of the certificate (e.g. Protects e-mail
    > > messages)
    > >
    > > I hope this helps,
    > >
    > > Mike
    > >
    > > "Peter Li" <Peter Li@discussions.microsoft.com> wrote in message
    > > news:C9CE3D21-E7B7-4ED5-86CF-83EBF634B376@microsoft.com...
    > > > I just setup a test MS CA enterprise server and can request an e-cert
    from
    > > web. I downloaded my personal e-cert to my computer and configured MS
    > > Outlook secure e-mail from Option. I can include my downloaded e-cert
    to
    > > the "Certificates and Algorithms". However, when I send out secure
    email
    > > message using my e-cert, error message pop-up that my email address
    could
    > > not send out secure email. I understand when I requested my e-cert from
    CA
    > > server, the system didn't ask me my email address so that I couldn't use
    my
    > > e-cert for sending email.
    > > >
    > > > My question is how can I include my email address in the e-cert when I
    > > request from CA server. I repeated going through the process, I still
    > > couldn't find out where I can include my email address in the e-cert
    > > >
    > > > Thanks!
    > >
    > >
    > >
Ask a new question

Read More

Email Servers Windows