Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Friday, January 27, 2017 4:56 PM
Just moved from Outlook 2010 to 2016 on Exchange.
I'm having a problem saving a sender's certificate to my Contacts list. If I follow (worked fine in 2010) :
Add a contact and certificate received in an e-mail message to your contact list
Open the digitally signed message from the recipient.
Right-click the name in the From box, and then click Add to Contacts on the shortcut menu.
If you already have a contact entry for this person, select Update new information from this contact to the existing one.
This does not always result in the certificate being saved. I can inspect the cert and it says signing and encryption, but when I look in the Contact card, Certificates tab, the cert is not there.
Thanks in advance.
All replies (12)
Monday, January 30, 2017 10:35 AM
Hi,
Did you get any error message when the certificate failed to save with the contact?
Are you using cached Exchange mode or online Exchange mode? We may try to switching between the two modes and see if this issue continues.
In addition, if the certificate data for a contact is larger than 32 kilobytes, it could cause the certificate failed to save with the contact. If this is the case, you may try following the instructions in the following Microsoft Kb article and configure the MaxCertsSize registry entry to increase the limit.
Hope this helps.
Regards,
Steve Fan
Please remember to mark the replies as answers if they helped.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, February 2, 2017 2:06 PM
No, I don't get any errors at all.
I'm in cached mode and changing the setting makes no difference in behavior.
I can open the signed email and then switch my view to Contacts and see it saved when I right click and select Add to Contacts. The card details are there, but the certificate is not saved. This worked perfect in office 2010, but no longer. Also, these are .mil certs and viewing the trust status of the cert shows: E-Mail Encryption and Authentication.
Tuesday, February 7, 2017 2:09 PM
Just updating this thread.
I discovered that corporate issued certificates saved to Contacts as expected, but I was never able to get DoD certs to do the same. The Contact card would get the general information, but not the certificate.
Our IT department couldn't figure it out either, and after spending many hours troubleshooting, decided to roll back to Office 2010 and everything now works as expected.
There is some bug with Outlook 2016 and DoD certificates.
Wednesday, February 8, 2017 3:17 AM
Thank you for letting us know that. Have you posted to a DoD certificates dedicated forum or contacted the support of DoD certificates to confirm whether other users are encountering the same issue? If so, you could ask to see if there is any workaround/solution for this issue.
Regards,
Steve Fan
Please remember to mark the replies as answers if they helped.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Thursday, July 6, 2017 4:43 PM
I came to bump this. I am also having this problem. Outlook is not automatically saving incoming certificates and I cannot figure out how to manually save the cert to allow encrypted communications. It needs to happen automatically because my users aren't going to be manually saving certs. They need to be able to just mail each other. What is going on here?
Thursday, July 6, 2017 4:52 PM | 2 votes
The answer for me was that I had to delete the contact and then re-add it from a signed message.
For some reason Outlook 2016 can't handle an existing contact that later adds a certificate signature. I expect more from MicroSoft.
Thursday, October 26, 2017 6:29 PM
Right click on email sender (from), verify it is at least a signed message, click Outlook properties. Add to Contacts from there ( bottom left). This also gives you the option to import or export certs. Under the contacts tab, you finds user certs. :) Don’t forget to save before exiting
Thursday, May 24, 2018 10:23 PM
No, that doesn't work for me. I cannot find anything resembling "Outlook properties" or the old "Add to Contacts" option. All I get is an option to Edit Contact or Open Contact Card. I don't see anything that allows you to create a contact off of a signed email.
Very frustrating.
Thursday, July 19, 2018 3:47 PM
I am also unable to add certificates to contacts which are already in the address book. Very frustrating. The S/MIME implementation is just barely usable on so many levels in Outlook :-(
Please this Microsoft!
Wednesday, October 31, 2018 12:57 PM | 1 vote
Bump. This is still an issue in Office 365.
Users are able to automatically retrieve/save certificates from users within domain, when users publish their certs to GAL. However, receiving signatures from clients outside of the domain are not automatic. (These, I believe, are DoD certs as well.) When adding the external user to contacts, the "certifications" tab of their profile remains blank, even when adding to contacts from a message that contains the signature.
Oddly enough, my users can "reply" to signed messages with encryption, but sending a new message provides an error about "missing or invalid certificates."
Now, we can do the following:
- Save the external user to contacts
- Manually export the certificate to file from the signed message
- Manually import the file to the saved contact
However, this is extremely tedious for my users to do, when this should be a seamless process.
Other notes:
- Cached exchange mode is irrelevant
- Creating a new user profile achieves nothing
Please, tell me someone has figured this out.
Tuesday, November 6, 2018 10:08 PM
Double Bump. Valid .mil cert and I cannot save the contact from an external (to me) DoD organization. I can from commercial organizations however. Like you, when adding the external DoD user to contacts, the "certifications" tab of their profile remains blank, even when adding to contacts from a message that contains the signature.
I have tried exporting the signature and manually importing it with explicit trust for both the authority and the cert. Can not send an email to that contact without getting missing or invalid signatures.
Monday, June 17, 2019 11:09 PM | 1 vote
Triple Bump!
Adding a FRESH contact that has a Digital ID isn't working either. When both parties with Digital ID reply to each other they can start to encrypt the message. But if they start a new email, they have to send each other an unencrypted email first. One client is Outlook 2019 the other is Outlook 2016. Both can't add the opposing digital IDs. In the Trust Center -> Email Security -> Encrypted email (Settings...) -> Send these certificates with signed messages is checked
Please help on how to add the digital id certificate from the sending party properly.
Thanks
Note: this is a NON-Exchange environment. Both users using IMAP