I am trying to set up email encryption functionality.
I have created my own CA, 2 PFX certificates, and have signed the PFX certificates with the CA certificate.
The setup on both machines seems to be fine - I have added the CA cert on both machines, listed it as a Trusted Root Certification Authority on both machines, and checked the "Secure Email" option. I have imported the individual PFX certificates via Outlook and published the certificates to the GAL.
Email signing is working perfectly - both senders can send signed emails that are trusted. After sending a signed email to each other, both recipients added the sender to their Outlook Contacts, with the corresponding certificate also added.
However, the encryption of emails appears to only be working sometimes. On occasion, if a user sends an encrypted email to the recipient (Options -> Encrypt -> Encrypt with S/MIME), the recipient will be able to successfully read the message. However, the large majority of the time, when the recipient attempts to open the email, they are met with the error message:
Sorry, we're having trouble opening this item. This could be temporary, but if you see it again you might want to restart Outlook. Your Digital ID name cannot be found by the underlying security system.
It is an extremely annoying error that only happens sometimes. All help would be appreciated.
Note
It should also be noted that on the occasions when the encrypted email cannot be opened by the recipient, the sender can open the email from their Sent box. However, as expected, on the occasions when the recipient can successfully open the email, the sender cannot view their message in the Sent box.
This gives me the impression that on the occasions when email encryption fails, the email is being encrypted using the sender's public key, and not the recipient's? How could I check this?
Update
After checking the Message Security Properties of messages sent that couldn't be successfully decrypted by the recipient, I discovered that those emails were encrypted for the sender, not the recipient (this can be seen in the description of the Encryption Layer).
So now I know the issue - sometimes the emails are being encrypted for the sender, and sometimes they are being encrypted for the receiver. Why would this be happening? Is this an Outlook issue?
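The check described in the post (seeing which certificate a message was encrypted for) can also be done outside Outlook by decoding the S/MIME envelope and reading its RecipientInfo identifiers: each one names the intended recipient's certificate by issuer and serial number, so a message "encrypted for the sender" shows the sender's certificate there instead of the recipient's. The script below is an added example, not code from the original post; it assumes Windows PowerShell 5.1 or later with the PKI module (New-SelfSignedCertificate), and the certificate subjects and message body are constructed stand-ins for the two PFX certificates in the question. It deliberately reproduces the failure mode by encrypting for the sender, then shows how the mismatch is detected.

```powershell
# Added example (not part of the original post): decode a CMS/S-MIME EnvelopedData
# and report which certificate(s) it was encrypted for, then compare against the
# intended recipient. Assumes Windows PowerShell 5.1+ with the PKI module.
Add-Type -AssemblyName System.Security   # System.Security.Cryptography.Pkcs on .NET Framework

# Returns one object per RecipientInfo: the issuer DN and serial number (or the
# SubjectKeyIdentifier) that identify the certificate the content key was wrapped for.
function Get-EnvelopedRecipientIds {
    param([Parameter(Mandatory)][byte[]]$Der)
    $cms = New-Object System.Security.Cryptography.Pkcs.EnvelopedCms
    $cms.Decode($Der)    # parses the DER; no private key is needed to read the RecipientInfos
    foreach ($ri in $cms.RecipientInfos) {
        $id = $ri.RecipientIdentifier
        if ($id.Type -eq [System.Security.Cryptography.Pkcs.SubjectIdentifierType]::IssuerAndSerialNumber) {
            [pscustomobject]@{ Issuer = $id.Value.IssuerName; Serial = $id.Value.SerialNumber }
        } else {
            # Some clients identify recipients by SubjectKeyIdentifier (a hex string) instead.
            [pscustomobject]@{ Issuer = '(SubjectKeyIdentifier)'; Serial = $id.Value }
        }
    }
}

# True when at least one RecipientInfo matches the given certificate's issuer and serial.
function Test-EncryptedFor {
    param(
        [Parameter(Mandatory)][byte[]]$Der,
        [Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert
    )
    $match = Get-EnvelopedRecipientIds -Der $Der |
        Where-Object { $_.Issuer -eq $Cert.Issuer -and $_.Serial -eq $Cert.SerialNumber }
    return [bool]$match
}

# --- Constructed sample standing in for the two PFX certificates in the question ---
$smimeEku = '2.5.29.37={text}1.3.6.1.5.5.7.3.4'   # Extended Key Usage: Secure Email
$certArgs = @{
    KeyAlgorithm = 'RSA'; KeyLength = 2048
    KeyUsage = 'KeyEncipherment', 'DigitalSignature'
    TextExtension = @($smimeEku)
    CertStoreLocation = 'Cert:\CurrentUser\My'
    NotAfter = (Get-Date).AddDays(1)
}
$sender    = New-SelfSignedCertificate -Subject 'CN=sender@example.test'    @certArgs   # constructed
$recipient = New-SelfSignedCertificate -Subject 'CN=recipient@example.test' @certArgs   # constructed

try {
    # Reproduce the reported failure: the envelope is built for the SENDER's certificate.
    $body    = [System.Text.Encoding]::UTF8.GetBytes('constructed test body')
    $content = New-Object System.Security.Cryptography.Pkcs.ContentInfo -ArgumentList (,$body)
    $env     = New-Object System.Security.Cryptography.Pkcs.EnvelopedCms -ArgumentList $content
    $env.Encrypt((New-Object System.Security.Cryptography.Pkcs.CmsRecipient -ArgumentList $sender))
    $der = $env.Encode()

    # For a real message, save the smime.p7m attachment from Outlook and use:
    #   $der = [System.IO.File]::ReadAllBytes('C:\path\to\smime.p7m')
    Write-Host 'RecipientInfos found in the envelope:'
    Get-EnvelopedRecipientIds -Der $der | Format-Table -AutoSize

    $forSender    = Test-EncryptedFor -Der $der -Cert $sender
    $forRecipient = Test-EncryptedFor -Der $der -Cert $recipient
    Write-Host "Encrypted for sender:    $forSender"      # True  (sender can open it from Sent Items)
    Write-Host "Encrypted for recipient: $forRecipient"   # False (recipient gets 'Digital ID ... cannot be found')
    if (-not $forRecipient) {
        Write-Warning 'Envelope was not built for the intended recipient certificate.'
    }
}
finally {
    # Remove the constructed certificates from the user store again.
    Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -in @($sender.Thumbprint, $recipient.Thumbprint) } |
        Remove-Item
}
```

For a message taken from the real mailbox, the two certificates to compare against are the ones published to the GAL for the sender and the recipient; if the RecipientInfo issuer/serial matches the sender's certificate, the client chose the wrong encryption certificate when building the envelope, which matches what the Message Security Properties dialog reports.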