Hi,

I am trying to create using makecert tool a self-signed certificate to use it with MS outlook, so I can encrypt the messages sent from my companys Ms outlook to my home Ms outlook.

My user name is jd, my domain name at work is lets say domain1.com. My e-mail is jd@blah.com.

I dont know why my real domain part (from control panel System/Advance system settings and Computer Name/Domain properties which is domain1) in my e-maiI part is different blah) thats been set by our IT people.

I have created a self-signed certificate like this:

makecert -r -pe -n "E=jd@blah.com,CN=jan" -b 01/01/2005 -e 01/01/2060 -sky exchange -ss my c:\temp\jdaleckiTyco.cer

I attach the certificate just created above to my e-mail account (which jd@blah.com) using menu File/Options/Trust Center/ Trust Center Settings/E-mail Security then Settings under both Choose buttons (in Change Security Settings dialog box) I select the above created certificate click OK/OK and OK again.

Now when I try to send a new message to lets say user X and clicking in the Option menu on the Sign button I get a message from Microsoft Outlook ver.2014 (,s office 2010):

Microsoft Outlook cannot sign or encrypt this message because there are
no certificates which can be used to send from the e-mail. Either get a new digital ID to use with this account, or use the Account button to send the message using an account that you have certificate.

Would you have any suggestions please,

Janusz

• Moved by Fei XueMicrosoft contingent staff Tuesday, August 25, 2015 2:29 AM

That's fine Fei,

Thank you for pointing me to the right forum.

Regards,

Janusz

Hi,

As I'm not familiar with this tool, I suggest you contact the developer of this tool and make sure you have created the certificate correctly.

In addition, check the following steps:

Specify the digital ID to use
 
You might choose to have more than one digital ID one for your digital signature, which in many areas can have legal significance, and another for encryption.
1.Click the File tab.
2.Click Options.
3.Click Trust Center.
4.Under Microsoft Outlook Trust Center, click Trust Center Settings.
5.On the E-mail Security tab, under Encrypted e-mail, click Settings.
 
 Note    If you have a digital ID, the settings to use the digital ID are automatically configured for you. If you want to use a different digital ID, follow the remaining steps in this procedure.
6.Under Security Setting Preferences, click New.
7.In the Security Settings Name box, enter a name.
8.In the Cryptography Format list, click S/MIME. Depending on your certificate type, you can choose Exchange Security instead.
9.Next to the Signing Certificate box, click Choose, and then select a certificate that is valid for digital signing.
Note    To learn if the certificate is intended for digital signing and encryption, on the Select Certificate dialog box, click View Certificate. An appropriate certificate for cryptographic messaging (such as digital signing) might say, for example, "Protects email messages."
10.Select the Send these certificates with signed messages check box unless you'll be sending and receiving signed messages only within your organization.
Note    The settings that you choose become the default when you send cryptographic messages. If you dont want these settings to be used by default for all cryptographic messages, clear the Default Security Setting for this cryptographic message format check box.

Regards,

Melon Chen
TechNet Community Su