Microsoft KB Archive/258527

= "Your digital ID name cannot be found by the underlying security system" error message when you send or open a digitally signed message in Outlook 2000 =

Article ID: 258527

Article Last Modified on 12/30/2005

-

APPLIES TO


 * Microsoft Outlook 2000 Standard Edition

-



This article was previously published under Q258527



SYMPTOMS
When you try to send a digitally signed message, or open an encrypted message that you have received, you may receive the following error message:

Your digital ID name cannot be found by the underlying security system



CAUSE
This behavior may occur if one of the following conditions is true:
 * The sender of an encrypted message uses a Public Key for the recipient that is not installed on the recipient's computer (such as an expired Digital ID).
 * Your digital certificate is damaged or corrupted.
 * Your digital certificate was set up in a single Microsoft Windows 95 or Microsoft Windows 98 profile environment, and multiple user profiles with a domain logon are enabled. The default computer profile has full access to the digital certificate, but other profiles for Windows cannot use it.



RESOLUTION
Using one of the following methods to resolve this behavior:
 * Verify that the sender has the correct Public Key for the recipient. You may have to examine the properties of the Certificate from the sender's computer, and then compare it with the recipient's current Digital ID properties.
 * Restart your computer, do not log on to the network. Click Cancel when you receive the prompt for the Microsoft Windows NT domain login. When the default Windows user Profile opens, export your digital certificate from your Microsoft Internet Explorer (including the Private Key) to a Personal Information Exchange (.PFX) file. Restart your computer, and then log on to your Windows NT domain. In your user profile for Windows, remove the digital certificate from your Personal Certificates in the Internet Explorer properties, and then import your digital certificate from the previously saved .PFX file.
 * If you have already exported the digital certificate to a .PFX file, remove the current digital certificate from your Personal Certificates in the Internet Explorer properties, and import your digital certificate from the previously saved .PFX file that you created by exporting your digital certificate with the Private Key information intact.
 * Remove the digital certificate from your Personal Certificates in the Internet Explorer properties, and replace the digital certificate by using your Certificate Authority service.

How to Export Your Digital Certificate from Internet Explorer

 * 1) Click Start, point to Settings, and then click Control Panel
 * 2) Double click the Internet or the Internet Options icon.
 * 3) Click the Content tab, and then click the Certificates button.
 * 4) On the Personal tab, click to select your digital certificate, and then click Export. If you have other certificates, repeat the steps 4 to 11 for each certificate.
 * 5) The Certificate Export Wizard appears, click Next.
 * 6) Click to select the Yes, export the private key button, and then click Next.
 * 7) By default, Personal Information Exchange - PKCS #12 (.PFX) should be selected. Verify that the Enable strong protection (requires IE 5.0, NT 5.0 or above) check box is selected (it is not necessary to select Export all certificates in the certification path), and then click Next.
 * 8) Enter and verify the password that you want to use for this certificate (it is important that you know this password when you import), and then click Next.
 * 9) In the File Name box, click Browse to locate the folder in which you want to store the Certificate file, name the file and verify that it is exported in the Personal Information Exchange (*.pfx) type, and then click Save. When you return to the Export File Name dialog box, you will see the path to the file. Click Next.
 * 10) In the Completing the Certificate Manager Export Wizard dialog box, the details of the export operation, including the file location and name, are listed. Click Finish to complete the export.
 * 11) Enter the password and click OK when you receive the password prompt.

How to Remove your Digital Certificate
 Click Start, point to Settings, and then click Control Panel Double click the Internet or the Internet Options icon. Click the Content tab, and then click the Certificates button. On the Personal tab, click to select your certificate, and then click Remove. If you have other certificates, repeat the steps 4 to 5 for each certificate. Click Yes when the Certificate Manager prompts you with the following message to remove the certificate:

You will not be able to decrypt data encrypted with the certificate(s). Do you want to delete the certificate(s)



How to Import your Digital Certificate from a Stored .PFX file

 * 1) Click Start, point to Settings, and then click Control Panel
 * 2) Double click the Internet or the Internet Options icon.
 * 3) Click the Content tab, and then click the Certificates button.
 * 4) On the Personal tab, click to select your certificate, and then click Remove. If you have other certificates, repeat the step 4 to 11 for each certificate.
 * 5) The Certificate Import Wizard will open, click Next.
 * 6) In the File to Import box, click Browse and locate the saved Certificate file with the extension .PFX, click the file, click Open, and then click Next.
 * 7) In the Password Protection for Private Keys box, type the password to access the file, click to select both the Enable strong private key protection and the Mark the private key as exportable check boxes, and then click Next.
 * 8) Click to select Automatically select the Certificate Store based on the type of certificate, and then click Next.
 * 9) In the Completing the Certificate Manager Import Wizard box the details of the import operation, including the file location and name, are listed. Click Finish to complete the import.
 * 10) The Private Key Container dialog box appears. Set the security level for the certificate, if you want to change the level of security (High, Medium or Low) that you use for your certificate.

NOTE: This is an important physical security aspect of your Private Key, in that no one can use your computer to send signed or encrypted messages or read encrypted messages without your password if you use High security. Medium security does not prompt you for you password, but will display a notification that the certificate is being used. Low security will not display any information when the Private key is used.

If you do not want to make a change to the security level, click the next button. If you want to change your security level, click Set Security Level, select the level of security, and then click Next.

When you change the security level, you can also change the password for your Private Key information.
 * 1) You will be prompted for your password and will have another opportunity to set the security level. You can click to select the Remember password check box, but this is not recommended if the physical security of the computer is in question. Click OK when the information has been provided to complete the Import operation.

How to Remove and Replace Your Digital ID with Your Certificate Authority

 * 1) If you do not have a ".PFX" file or cannot use the certificate in the default computer Profile, use the steps in the “How to Remove your Digital Certificate" section of this article.
 * 2) Go to the Web site for your Certificate Authority (where you obtained your Digital ID), and then apply for a replacement Digital ID.

The exact steps to replace your Digital ID vary according to your Certificate Authority.

NOTE: An important point to remember is that your former Digital ID is no longer valid. You need to let your recipients know that your Digital ID has been replaced, and they should replace your contact information with the current certificate.

Additional query words: OL2K

Keywords: kberrmsg kbprb kbprivacy kbdigitalsignatures kbdigitalcertificates KB258527

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.