Important This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows XP and Windows Vista
You obtain an S/MIME certificate to sign your e-mail messages in Microsoft Office Outlook 2003. However, you do not take the necessary step of setting up your certificate for use in Outlook 2003. Therefore, when you send an e-mail message, you cannot sign or encrypt the message. For example, you may experience one of the following symptoms:
No button is available to sign or to encrypt the e-mail message.
When you click the button to sign or to encrypt the e-mail message, the message is not signed or encrypted.
Note To set up the S/MIME certificate for use in Outlook 2003, specify which certificates should be used for signing and for encrypting. To do this, click Options on the Tools menu, and then click the Security tab.
To resolve this problem, install hotfix 948076. Then, to enable the hotfix, add the SecurityAlwaysShowButtons entry in two locations in the registry.
How to obtain the hotfix
This issue is fixed in the Outlook 2003 post-Service Pack 3 Hotfix Package that is dated January 23, 2008. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
948075 Description of the Outlook 2003 post-Service Pack 3 hotfix package: January 23, 2008
How to enable the hotfix
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
To enable this hotfix, follow these steps:
Exit Outlook 2003.
Start Registry Editor.
In Windows Vista, click Start , type regedit in the Start Search box, and then press ENTER.
If you are prompted for an administrator password or for confirmation, type the password, or click Continue.
In Windows XP, click Start, click Run, type regedit, and then click OK.
Locate and then right-click the following registry subkey:
On the Edit menu, point to New, and then click DWORD Value.
Type SecurityAlwaysShowButtons, and then press ENTER.
Right-click SecurityAlwaysShowButtons, and then click Modify.
In the Value data box, type 1, and then click OK.
Exit Registry Editor.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Typically, before the Sign and Encrypt toolbar buttons are available, you must specify which certificates should be used for signing and for encrypting. In a deployment scenario, it would be better to specify the S/MIME settings automatically without requiring users to manually specify the settings in the Security dialog box. There is no deployment mechanism for S/MIME settings. However, this hotfix provides an alternative method.
If the S/MIME certificates have been deployed to the client computers, Outlook will automatically configure the settings if you have specified that you want a message to be signed or encrypted. Without this hotfix, the toolbar buttons are not available. Therefore, it is difficult to specify that you want the message to be signed or encrypted. After you apply and enable the hotfix, the toolbar buttons will always be available.
Note If a valid S/MIME certificate is not present, and you try to sign or to encrypt a message, the signing or encryption operation fails. Additionally, you receive the following error message:
Microsoft Office Outlook could not sign or encrypt this message because you have no certificates which can be used to send from the e-mail address 'e-mail address'. You can do either of the following:
Get a new digital ID to use with this account. On the Tools menu, click Options, click the Security tab, and then click Get a Digital ID.
Use the Accounts button to send the message using an account that you have certificates for.
For the hotfix to work, there must be a valid S/MIME certificate on the computer that Outlook can find and use for S/MIME purposes.