I am totally stuck on this issue. I am implementing Smart cards for Logging in and sending encrypted email. I sucessfully did the templates etc and the certs are on the smartcard.... I can use the smart card to send email and also log onto the computer. The problem that I have is that if I send an encrypted email to my other test user, they cant open the encrypted email unless I walk to HIS desk and use MY Smartcard.... I find this very odd that I have this issue. This also happens vice versa as well. If he sends me a encrypted email, i receive the email but my smartcard wont open it, only his smartcard will open the email from my computer. I am missing something but I dont know want. Does anyone have any suggestions please. Thanks

Sounds like you do not have the public certificates that your smart cards are encrypting the emails with.

On Wed, 21 Apr 2010 20:56:10 +0000, JerrySAS wrote:>>>I am totally stuck on this issue. I am implementing Smart cards for Logging in and sending encrypted email. I sucessfully did the templates etc and the certs are on the smartcard.... I can use the smart card to send email and also log onto the computer. The problem that I have is that if I send an encrypted email to my other test user, they cant open the encrypted email unless I walk to HIS desk and use MY Smartcard.... I find this very odd that I have this issue. This also happens vice versa as well. If he sends me a encrypted email, i receive the email but my smartcard wont open it, only his smartcard will open the email from my computer. I am missing something but I dont know want. Does anyone have any suggestions please.Have you published the public certificates in your AD (you can useOutlook to do this if the user has permissions to do so)? Or installedthe public certs in your personal certificate store?---Rich MatheisenMCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP

Hmm, on the Cert template I am using, I do have it Checked for "Publish Certificate in Active Directory" Is this what you are referring to?

On Thu, 22 Apr 2010 15:09:27 +0000, JerrySAS wrote: > > >Hmm, on the Cert template I am using, I do have it Checked for "Publish Certificate in Active Directory" Is this what you are referring to? It is if it's doing that! Have you checked the properties of a few users to see if the cert's are, in fact, published in the AD? --- Rich Matheisen MCSE+I, Exchange MVP--- Rich Matheisen MCSE+I, Exchange MVP

Sounds like you do not have the public certificates that your smart cards are encrypting the emails with. Hi, I think so. If you want to encrypt a mail, you need to get the recipient's public key to encrypt it, then recipient use his private key to decrypt mails to read it. "they cant open the encrypted email unless I walk to HIS desk and use MY Smartcard.... " Seems like you encrypt mails with your public key, thus you can open encrypted mails with you smartcard(private key). Do you install CA? Could you share the document to complement smart card? Frank Wang

Yes I checked my AD acct and the Cert is there. So as of right now I have 2 Smartcard users setup. If I send an encrypted email to the other user, they will receive the email but their card cant open the email. If I use my Smartcard on their computer and type in my PIN, it will open the email. This is very odd.

On Tue, 27 Apr 2010 18:02:28 +0000, JerrySAS wrote: >Yes I checked my AD acct and the Cert is there. So as of right now I have 2 Smartcard users setup. If I send an encrypted email to the other user, they will receive the email but their card cant open the email. If I use my Smartcard on their computer and type in my PIN, it will open the email. This is very odd. If you send a signed (not sealed) message can the recipient store your cert on his machine? If he can, does sending him a sealed (encrypted) message work after that? --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP