Article ID: 927463 - View products that this article applies to.
When you try to send a digitally signed or encrypted e-mail message by using Microsoft Office Outlook Web Access, the message is not sent. Additionally, you receive one of the following error messages:
This issue occurs because the trusted root certification authority (CA) certificate or the intermediate CA certificate for the issuer of the digital ID that you are using is not installed on the Microsoft Exchange Server 2003 front-end servers and back-end servers that are used for Outlook Web Access.
This issue can also occur if the following conditions are true:
To resolve this issue, use one of the following methods.
Method 1: Use a Group Policy configurationUse a Group Policy configuration to distribute certificates that will be trusted by all member computers of the domain. For more information about how to add a trusted root CA to a Group Policy object, visit the following Microsoft Web site:
Method 2: Manually install certificates
CN= Some One Efirstname.lastname@example.orgOr, you can publish the user's certificate to Active Directory. This is easy to do in Outlook by using the Publish to Gal option. An administrator can also publish the certificate from the Microsoft Management Console (MMC) Active Directory Users and Computers snap-in.
Exchange 2003 requires that you add the trust chain to the administrator account and to the local computer accounts. A trust chain can have more than one intermediate CA. After you add the trust chain, the certification path is available to Exchange Server. This allows for S/MIME to work successfully.
Article ID: 927463 - Last Review: January 9, 2009 - Revision: 3.0