Hello,
A coworker has a CAC with a certificate on it. We got it imported into the Outlook trust center and everything looks good there. He is able to toggle “Signed” and send a test message to himself with no issue; however, if he toggles “Encrypt” he gets:
“Microsoft Outlook had problems encrypting this message because the following recipients had missing or invalid certificates, or conflicting or unsupported encryption capabilities:”
I tried getting my own cert and sending signed emails between two email accounts to check if doing that allows sending of encrypted email…and I get the same message. I was using the same cert on both accounts though so I’m not sure if that’s part of it.
The person my coworker is trying to encrypt messages to does not want to be bothered so I don’t want to have him try sending a signed message first in the hopes that it allows encryption later without knowing for sure.
Any assistance? It’s on Outlook 2013 on Office 365.
Ahhh CACs, love it. I’ve found that in order for me to send encrypted messages from Outlook, either A) I need to import the person into my Contacts and make sure their public key encryption cert is there or B) make sure the person has published their public key cert to the GAL (Global Address List) so it’s picked up automatically. Yes, that goes for sending test messages to myself as well, because Outlook treats my address as any other address. Sending encrypted messages to yourself should work as long as the sending machine has your account in Contacts with a cert attached to it.
As for your coworker’s encryption partner, your coworker will need the person’s public key before he can send any encrypted messages to that person, so either he’ll have to get the person’s certificate in a signed message, or that person will have to publish the cert to a GAL.
Bonus tip: If you end up dealing with CACs for things like DOD PKI site authentication as well, http://www.militarycac.com/ is a great resource. We’ve used info up there to solve issues like repairing the DOD certificate trust chain under Windows. The site doesn’t have all that much about e-mail (outside of DOD’s enterprise mail system), but it might just solve other problems in the future.