your digital id name cannot be found by the underlying security system Results





Hello All,

I apologize in advance for the cross posting, but it occurs to me that
perhaps this is the NG where originally I should have posted my question.
Instead, I posted it on microsoft.public.security.

My Class 1 Verisign Digital ID expired and I purchased (or renewed?) a new
digital certificate. I disabled my Norton 2008 Firewall during the
installation of the VeriSign certificate and received no error messages
during the installation. However, unlike in my previous installation I
receive the following error message: "Your digital ID name cannot be found
by the underlying security system."

The VeriSign support is very disappointing. The VeriSign troubleshooting
requires one to export the private key from within Internet Explorer and
then importing it again. However, when attempting to export the private key,
the box is grayed out and a note indicates that "The associated private key
can not be found. Only the certificate can be exported."

I am using Win XP, IE 7.0.5730.11, Outlook 2003 SP3

Any suggestions on how to resolve the problem?

Thanks









I have Outlook 2007 on Vista 32 bit Business. Recently I have this problem where if somebody sends me an encrypted e-mail I cannot decrypt and open it. When I try to open it I get the error message "your digital id name cannot be found by the underlying security system". This happens with 2 different e-mail addresses which have their own separate digital certificates. I cannot read incoming encrypted e-mail on either of them. One digital certificate is a few weeks old and the other is 11 months old. Both have worked OK in the past. It seems to be an Outlook problem. It's like Outlook cannot find the private key installed. When I set up my e-mail account and digital cert on Thunderbird, everything works OK.

I've tried to remove and reinstall the digital certificates on Outlook but I'm not sure if I did it right. I went into Internet Explorer and under Options/Content/Certificates and removed the digital cert. I couldn't find a direct way to remove it from Outlook. Then I reinstalled the digital cert from backup. It didn't work, the problem still exists.




Hi all,
I have a problem with Outlook clients. Sometimes we receive signed emails
which can be opened only one time (when they are marked as unread). But when
we try to open these emails when they are marked as read, the following error
occurs:
Cannot open message. Your digital ID name cannot be found by the underlying
security system.

MS Exchange server 2000 6249.4 SP3
Windows 2000 server SP4

Outlook 2002 SP3
Windows XP





Hello,

I have a user who just switched from Mac Mail to Outlook 2011.  Getting a strange issue when sending to users on Outlook 2010 PC.

 

When sending a message, users on Outlook 2011 and people viewing the message via web mail can see the message fine.  It reports that it's a digitally signed message (just one sentence), and the certificates look fine.  Via the web, the message appears fine.  It says:

"This message has a digital signature. The digital signature could not be validated because the S/MIME control is not available."  However, it comes up fine.

 

However, users on Outlook for PC (my version is 2010), cannot read it.  I first get a preview pane error "This item cannot be displayed in the Reading Pane. Open the item to read its contents."  And when I double-click on the message, I get a pop up window "Your Digital ID name cannot be found by the underlying security system."

 

Anyone can provide clues why other Outlook MAC users and via the web the message can be read, but just not PC Outlook users for now?

 

Thanks,





Hi team, this is my first post and I have to admit to being a little desperate after trying dozens of so-called 'fixes' found in different corners of the web. My issue seems to be common enough, though the resolve isn't. I am a reasonable tech but not up with Exchange and related systems. I look after the IT of a company who are running older OSs and clients but are being forced to upgrade due to a number of reasons. They use a booking system where email messages are sent to them in what I am assuming is encrypted form - the icon on the message is a small blue padlock. They currently use Outlook 2000 and the messages open fine on those machines still running that version. However, simply upgrading to Outlook 2003 (I know, but this is the version they want to use) breaks things and the error when trying to view these messages now is the dreaded "Cannot open this message. Your Digital ID Name Cannot Be Found by the Underlying Security System". The thing is, on one of their machines, the upgrade went OK and the messages open fine. Their Exchange server host sent them a certificate/key file, which I can import OK, but I'm not convinced this key has anything to do with anything because Outlook still doesn't work and when I go into the Trust centre in the options dialogue there are no keys available for this function. The certificate/key shows up in the Internet Options dialogue under certificates but as I said, I'm not sure it is the right thing I need.

As you can tell, it is the blind leading the blind. I am out of my depth and am not even sure of the correct language to use to convey the problem. I cannot fathom why one machine upgraded to Outlook 2003 and everything works while now 3 other machines have been upgraded using the same disk and procedure but they cannot open these messages. I even took the pst file to other machines and tried three different versions of Outlook - none would open the messages, with the error given above. I have read and tried several of the suggestions given in other posts but nothing has worked and I suspect this is because I am way off track rather than the fixes not being correct. Any further guidance or help would be greatly appreciated and I thank you for your time and expertise. Dave Thompson

 

 

 





We are getting an error while opening digitally signed email in Outlook 2003. The error message is "Cannot open this item. Your digital id name cannot be found by the underlying security system".

But the same email opens fine in Outlook 2007 onwards, even though it shows a warning message the first time saying to validate the recipient signature (subsequent emails open fine in 2007 with no warnings).

Is there any difference in interpretation of digital signatures between 2003 and 2007?

We are using JavaMail + Bouncy Castle to generate the digital signature.

Thanks for your time,

 

Regards,

Ravuthakumar

 

 




Hello,

I'm trying to add Thawte certificates on outgoing mail sent from my
Outlook 2002 clients. No success, because Exchange tells me that "Your
Digital ID name cannot be found by the underlying
security system"

If I set up an internal Certificate Authority with Windows 2000, it works
correctly and has no problems at
all, but these certificates are for local use and not globally trusted.

I have seen a similar problem posted by Joris; does somebody know how to solve it?

Does Exchange require something to point to somewhere in the AD?

thank you

marco




I am having some issues getting S/MIME working. I installed SP1 for Exchange 2007 and am trying to encrypt messages through OWA and Mobile 6 devices.  I can read the encrypted messages on both devices but when I send encrypted email I am unable to open them. I get the following error "Cannot open this item. Your Digital ID name cannot be found by the underlying security system."

I went back and looked at the SP1 article on the site and everything looks perfect.

any help would be appreciated




Sorry for the double post.

Guys, can anyone provide a suggested solution to this problem? I have a few
clients who cannot open encrypted emails. When I try to open the message, I
get a dialog box with the following "Cannot open this item. Your digital
ID name cannot be found by the underlying security system"
Any ideas?




Hi all,
I am having a problem that I can't seem to figure out why it is happening.
I have sent an encrypted email to a person, they were able to open and reply
to it. When I try to open their reply message I get an error that says "Your
Digital ID name cannot be found by the underlying security system." I have
already tried having both me and the person I sent the message to re-download
the offline address book. This is not happening to everyone in my company
but it is happening to enough users that it is getting to be a problem.
Please advise. Any help is greatly appreciated.

Thank you all,
Gladys

Happy Holidays




I have a co-worker whose email encryption stopped working about three
weeks ago and I can't figure out why. I have tried deleting and reloading his
certificate from our CA (we have our own CA for the company so certificates
are generated by the server). I was able to get it to where he could send
encrypted emails again but he still can't receive them. Any time he tried to
open it he gets the error "Your digital ID name cannot be found by the
underlying security system". I downloaded Cryptigo p7mviewer to see what it
said the issue was and when I moved the email from Outlook to p7mviewer it
said that the problem was that my private key was not available. The way I
understand it he should not have or need my private key to open the email. I
went through and checked to make sure that I had his certificate trusted and
that he had mine and we both did. I verified the serial number on his to
make sure it wasn't an old copy he had deleted. What I need to know is why
his Outlook is looking for my private key to decrypt the email when Outlook
should have used his public key.

Thanks in advance for any help

-Nick








Hi, guys!

I'm trying to secure email between two organisations.

Both organisations are using Outlook 2003, Exchange 2003, Mailsweeper,
Server 2003 and Windows XP.

Both organisations have their own internal Entrust PKI to issue certificates.

Neither organisation can use their certificates with the built in Digital ID
support for Outlook 2003. This appears to be because the certificate type
that Entrust recommends for personal users is an RFC 822 compliant
certificate with a SubjectAlternateName field that contains all of the email
addresses of the individual - but Outlook 2003 looks for the optional E=
extension in the Subject field of the certificate instead and will never look
in SubjectAlternateName.

Since the Entrust based RFC 822 certificates don't have an E= field, they
can't be used.

This is annoying more than anything else; we're developing a new certificate
type that will be simultaneously RFC 822 compliant and also contain an E=
field in the subject line, but in the meantime still want to exchange
encrypted and signed emails.

So we thought we'd try something else while this development work takes place.

One organisation made the decision to switch cryptographic service provider
to the Entrust CSP and roll out Entrust Express + Entelligence. The other to
use Digital IDs from Verisign.

The results are...odd. And here's where I really need your help.

Organisation A, using Entrust Express, can sign or encrypt or both.

If the email is signed by Entrust, but not encrypted, the Mailsweeper
gateway flags it as malformed, because the cryptographic hash doesn't match.
This happens because the disclaimer added by the Exchange bridgehead server
on the way out changes what the hash should be when it's hashed again, so the
value in the signature.p7s file is now wrong. But legally, this company MUST
have a disclaimer added to each email as it leaves.

If the email is encrypted or encrypted and signed, it makes it through the
gateway just fine - that's because the signature.p7s matches the encrypted
attachment, which is all it refers to.

Organisation A can exchange encrypted and signed emails with test external
users using a variety of POP3 clients that also use POP3 (i.e. no Exchange
protocol, no X.400, no CCMAIL or MSMAIL or Pegasus or BlueMail, just vanilla
TCP/IP). This includes Outlook 2003, Entourage 2004, Eudora and Ximian, on
Windows XP, Vista, MacOS X and Ubuntu.

If the email is encrypted or encrypted and signed, the INBOUND Mailsweeper
in Organisation B flags it as malformed.

Adding an attachment of any type causes Mailsweeper to catch it outbound at
both organisations as malformed and this is still under investigation.

Organisation B is getting the classic "Your message cannot be read because
the underlying security system cannot find the Digital ID name."

The fascinating thing here is that they can send signed emails, which
organisation can receive and read. The attached .p7c file can't be
added to the Entrust Address Book (unknown problem with Entrust Entelligence,
trouble ticket raised), but the public portion of the certificate can be
downloaded from Verisign in *.p7c format and installed manually.

They can also send encrypted emails, and sign them with their certificate.
They then can't read the emails that they just encrypted, getting the same
Digital ID name cannot be found error.

A lot of obvious stuff occurs right away, and we've tried the following to
resolve the issue:

1. Ensuring that the root CA relevant to the Verisign certificates is
installed.
2. Ensuring that in the Outlook Contacts, the users only have one Contact
per person and it has the right certificate and the certificate E= field and
the email address match. Outlook has the uncanny knack of UNERRINGLY picking
the wrong contact if there are two, one with the wrong certificate and one
with the right certificate.

This leaves us with the following theories:

1. Organisation B already has a Personal Certificate installed in the
Microsoft Certificate Store - exclusively for use with PEAP when
authenticating to their WiFi infrastructure. Because Outlook 2003 seems to
ALWAYS pick the wrong certificate if you have two Digital IDs for signing
email, it might be trying to pick up the WiFi certificate.

2. Both organisations use a Global Address List. The GAL contains entries for
each individual that contains multiple email addresses. When Outlook 2003
resolves your own address in this situation, it defaults to the X.400
address. Digital IDs can be issued with either X.400 or SMTP addresses, but
they can only be used to send encrypted email across the Internet using SMTP.
We think that the underlying security system might be able to encrypt using
a Digital ID with an SMTP address, but then can't open those emails because
the self-encryption is with the sender's SMTP address and the underlying
security system believes that the user is an X.400 user (remember, encrypting
and sending with S/MIME in most implementations encrypts twice: once to
send, with the recipient's public key and once for storage locally with the
sender's public key).

Both organisations are large (employees > 100,000).

While we could solve the confidentiality issue with site-to-site TLS or,
even easier, site-to-site VPNs at the network layer, this won't buy us
non-repudiability.

Non-repudiability is a key feature here. If we have to print, sign and fax,
then Microsoft's vision of a digital office is pretty much bust.

The Entrust, Mailsweeper and disclaimer issues we will pursue with the
companies contracted to provide 3rd level support for the issue and we've
engaged Microsoft for the Outlook 2003 problem, but I was hoping that someone
in the community would have seen something like this before and have an
answer.

Sincerely,
Nathan Dornbrook
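
A diagnostic for the conditions raised in the post above (a second personal certificate such as one issued for PEAP, an address carried only in SubjectAltName rather than E=, or a store entry with no private key), as an added example that is not part of the original post. It assumes a Windows PowerShell session as the affected user; the mailbox address is a placeholder and the "RFC822 Name=" label assumes an English-locale system.

```powershell
# Added example: list the current user's Personal store and flag the
# conditions from the post above that stop an S/MIME client using a cert.
$Mailbox        = 'user@example.com'   # assumption: SMTP address the profile sends as
$SecureEmailOid = '1.3.6.1.5.5.7.3.4'  # EKU "Secure Email" (id-kp-emailProtection)
$SanOid         = '2.5.29.17'          # Subject Alternative Name extension

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # E= component of the Subject, where the post says Outlook 2003 looks
    $subjectEmail = $null
    if ($cert.Subject -match '(?:^|,\s*)E=([^,]+)') { $subjectEmail = $Matches[1].Trim() }

    # rfc822Name entries in SubjectAltName (label text assumes an English locale)
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq $SanOid }
    $sanEmails = @()
    if ($san) {
        $sanEmails = @([regex]::Matches($san.Format($false), 'RFC822 Name=([^,\s]+)') |
            ForEach-Object { $_.Groups[1].Value })
    }

    # Enhanced Key Usage: an absent extension means "any purpose"
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    $findings = @()
    if (-not $cert.HasPrivateKey) {
        $findings += 'no private key: cannot decrypt or sign with this entry'
    }
    if ($eku -and ($ekuOids -notcontains $SecureEmailOid)) {
        $findings += 'EKU lacks Secure Email (for example a client-auth cert used for PEAP)'
    }
    if (($subjectEmail -ne $Mailbox) -and ($sanEmails -notcontains $Mailbox)) {
        $findings += "no name in the certificate matches $Mailbox"
    } elseif ($subjectEmail -ne $Mailbox) {
        $findings += 'address present only in SubjectAltName, not as E= in Subject'
    }
    if ((Get-Date) -lt $cert.NotBefore -or (Get-Date) -gt $cert.NotAfter) {
        $findings += 'outside validity period'
    }

    [pscustomobject]@{
        Thumbprint = $cert.Thumbprint
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        PrivateKey = $cert.HasPrivateKey
        Findings   = if ($findings) { $findings -join '; ' } else { 'none' }
    }
} | Format-List
```

More than one entry with no findings for the same address is itself worth noting, since the post reports Outlook picking the wrong certificate when two are available.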




I've received a signed message from somebody. Outlook 2000 and 2003 won't let me open the message, I just get an error "Can't open this item. Your Digital ID name can not be found by the underlying security system.". The message is not encrypted and can be read by Outlook 2007. Other mails received in the past open fine and when I open the problem mails in Outlook 2007, the signature is verified (as I installed the certificate from the older mails - ie. it's the same signature). I don't understand why I need a Digital ID to read a mail that is signed by somebody else, and I should be able to see it (with a warning) without the certificate at all.

Does anybody know how to work around this issue? Googling didn't come up with anything, most people's problems in this area seem to be related to encryption. The sender is using Notes according to the headers. Any ideas?




I receive the following message when I attempt to open an email with a
digital signature attached.

"Cannot open this item. Your Digital ID name can not be found by the
underlying security system."

The email server is Exchange Server 2003 Enterprise edition and I am using
Outlook 2003 for the client.



