There are many areas of Outlook that are potential problems for administrators. Once such area is the sending and receiving of digitally signed messages.

Digitally signing email messages is a form of protection that can be used to prevent identity fraud and the abuse of email messages sent to and from Outlook. Outlook allows email messages to be sent with cryptographic features such as S/MIME digital signatures and encryption.

Such messages can utilize “public key/private key” encryption technology to make private their email messages so that only recipients who possess a public key are able to view the encrypted email message. There is a complicated mathematical relationship between the two keys such that any message encrypted with the public key can only be decrypted using the specific private key. The reverse relationship is also true: any message encrypted with the private key can only be decrypted using the corresponding public key. It is this reverse relationship which supports digital signatures.

Oftentimes you will run across the situation where an end user complains to you that they cannot open a digitally signed message. When they attempt to do so they receive the following warning message: “Signature not trusted.” This is usually an indication that their email system has not implemented email security yet.

If it is a problem with the certificate then an error message will appear that has a red colored X indicating what part of the certificate is having a problem. Your potential solutions can include editing the trust level for the sender’s certificate. Another possible cause of the problem is an outdated or expired certificate.

You can change the trust level of the sender. You should see a Certificate dialog box that will allow you to edit the trust level by clicking on it. You should click on “Explicitly trust this certificate”.

If the problem is with an outdated or expired certificate then, within the same Certificate dialog box, you should click on View Certificate and then click on the Details tab. You will see fields for the “Valid From” and “Valid To” dates. Check to make sure that the certificate has not expired. If it has expired then you can notify the sender of the email using the expired certificate of the expiration status. That sender will most likely have to contact their administrator to create a new certificate.

This process of creating a new certificate will involve an administrator having to contact a trusted third party who is currently storing all of the public keys for the sender’s company. This third party is called a “Certificate Authority” or CA for short. Such a Certificate Authority would be Verisign. Normally a new public/private key pair will have to be generated and the public key sent to Verisign for the authentication process.

What I’ve just described is the problem and solution for when a recipient cannot open a digitally signed message. Sometimes the problem is just the opposite. Your end user has called you to complain that they themselves cannot send an encrypted email message.

When this situation occurs, you, as the administrator, must verify that the email recipient’s digital ID is stored with the address in the contact list or address book. Check for multiple entries. It is possible that your end user had selected and email address for the recipient that did not have the copy of the recipient’s digital ID. They must use the email address for the recipient that includes a copy of the digital ID before they can successfully send the encrypted email message.

If the changes mentioned above do not correct the security problem then you might have to change the security settings for zone.

You can change the zone settings by:

• Clicking on Options from the Tools menu.
• Then click the Security tab.
• Click on the Zone settings
• Click on the OK button or just hit enter when you get the warning box.
• Select Internet for the “Select a web content zone to specify its security settings”. If you want to see content without getting warnings then move the slider bar for the “Security level for this zone” until you select Low. If you want to see the warnings then move the slider bar until you select Medium.