Cannot send encrypted message to others using Outlook 2010

39,637

Solution 1

The solution to the problem was to delete older certificates for the contact. Somehow, Outlook can default to an older certificate, so if you are updating a certificate the easiest thing to do is delete any pre-existing certificates for the contact in question so that when you import the new certificate it will be the only one.
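
The following is an added example, not part of the original answer: one way to see whether a contact carries an older or unusable certificate before deleting anything. It assumes each certificate listed on the contact's Certificates tab has been saved as a `.cer` file; the function name and the folder path are hypothetical.

```powershell
# Added example: report on certificates saved from one contact.
# Get-ContactCertReport and the folder path are hypothetical names.
function Get-ContactCertReport {
    param([Parameter(Mandatory)][string]$Path)

    $x509      = 'System.Security.Cryptography.X509Certificates'
    $emailType = [System.Security.Cryptography.X509Certificates.X509NameType]::EmailName
    $flags     = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]
    # Usages that allow encrypting to the recipient (RSA: KeyEncipherment, ECDH: KeyAgreement).
    $encMask   = $flags::KeyEncipherment -bor $flags::KeyAgreement
    $now       = Get-Date

    $rows = foreach ($file in Get-ChildItem -Path $Path -Filter *.cer) {
        $cert = New-Object "$x509.X509Certificate2" -ArgumentList $file.FullName
        # Key usage extension; when it is absent the key usage is not restricted.
        $ku = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509KeyUsageExtension] }
        $canEncrypt = (-not $ku) -or [bool]($ku.KeyUsages -band $encMask)

        [pscustomobject]@{
            File       = $file.Name
            Email      = $cert.GetNameInfo($emailType, $false)   # SAN rfc822Name or subject E=
            NotBefore  = $cert.NotBefore
            NotAfter   = $cert.NotAfter
            InValidity = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
            CanEncrypt = $canEncrypt
            Thumbprint = $cert.Thumbprint
        }
    }

    # Several certificates for one address: mark all but the latest-expiring one.
    $rows | Group-Object Email | ForEach-Object {
        $group  = $_
        $newest = $group.Group | Sort-Object NotAfter -Descending | Select-Object -First 1
        foreach ($row in $group.Group) {
            $old = ($group.Count -gt 1) -and ($row.Thumbprint -ne $newest.Thumbprint)
            $row | Add-Member -NotePropertyName Superseded -NotePropertyValue $old -PassThru
        }
    }
}

# Usage (hypothetical folder):
# Get-ContactCertReport -Path 'C:\Temp\contact-certs' | Format-Table -AutoSize
```

A row with `Superseded`, a false `InValidity`, or a false `CanEncrypt` is a candidate for removal from the contact; an `Email` value that differs from the address in the To: field is also worth checking.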

Solution 2

Microsoft tells how to resolve this, but it's on your recipient & not for you to do: http://support.microsoft.com/kb/884738

To resolve this issue, the recipient must follow these steps:

  • On the Tools menu, click Options.
  • Click the Security tab.
  • In the Default Setting list, make sure that the correct security profile for the digital ID that you want to use is selected. To verify your certificate settings, click Settings. You can click Choose, and then click View Certificate to view your certificate details.
  • Under Digital IDs (Certificates), click Publish to GAL, and then click OK. This will republish the correct certificate to the global address list to make sure that users are addressing you with the correct digital certificate.
  • Click OK when you are prompted that your certificates were published successfully.
  • Click OK to exit the Options dialog box.

Solution 3

Go to File, Options, click on Mail, scroll down until you see Send Messages and then click on Empty Auto-Complete List. Click OK when done. Compose an encrypted email, using the GAL to find the person you want to send to. Once you have them in the To: box, right-click on the name and choose Add to Outlook Contacts. This will rebuild your cached Auto-Complete list. PKI is now up to date.

Solution 4

In my case there was neither GAL involved nor any older certificates for the contact.

What finally solved my issue was deleting the contact as a whole - also from deleted items - and recreating it from a signed message of the recipient:

  1. Delete the contact from the contact list
    • you may want to back it up first - either by exporting your contacts or by drag&drop from Outlook's contact list to some local folder
    • hold down the shift key when deleting, so it's permanently deleted (message pops up to confirm)
  2. Recreate the contact from signed message
    • Open a signed(!) message sent by the contact, right click on the sender's name in the header and select "Add to Outlook contacts" in context menu
    • if there's no "Add to Outlook contacts" in context menu but "Edit Contact", the old entry is still somewhere in Outlook. Repeat and check step 1. Also check "Deleted items" folder, if the contact was moved there instead of being permanently deleted. If yes, delete it from "Deleted items" folder, too.
  3. After adding the contact as new, check if the certificate has been added to the contact list entry.

Note: this was in Outlook 2013

Author: Tyler Durden

Updated on September 18, 2022

Comments

  • Tyler Durden over 1 year

    I am unable to send encrypted messages to others in Outlook 2010. I get the following error:

    "Microsoft Outlook had problems encrypting this message because the following recipients had missing or invalid certificates, or conflicting or unsupported encryption capabilities:"

    The recipient is in my contacts list and has a digital ID/certificate. I have explicitly trusted this certificate. When I made the email I filled the "To:" field using the exact contact from the Contacts list.

    If I right click on the recipient and choose "Lookup Outlook contact", their card comes up. If I then select "Certificates", it shows the certificate for the recipient and it is a valid and up-to-date certificate. I am able to send encrypted messages to myself.

    How can I find out the precise problem that is causing the error?

    • TTT almost 10 years
      Did you ever solve this? If so, how? If not, does wiping out the email address in the To field and retyping it in work for you? I have the same issue and that's what I have to do...
    • Tyler Durden almost 10 years
      I sort of solved this problem by getting a special kind of certificate called a "PKI", then I had to go to this special Department of Defense site and download ALL of their authority thingies, which took a long time. After that I could do it. It was a true pain in the ass.
  • Shrout1 about 9 years
    I'm experiencing the same issue as the OP but the user I'm trying to help is sitting on a separate domain... Publishing the cert back to the GAL won't help. Furthermore, the certificate trust and dates are all valid. It seems more like Outlook isn't correctly recognizing the address book when the user's e-mail is entered.