Microsoft KB Archive/202366

= Outlook 98 Does Not Read Certificates Created by Certificate Server =

Article ID: 202366

Article Last Modified on 6/23/2005

-

APPLIES TO


 * Microsoft Internet Information Server 4.0

-



This article was previously published under Q202366



We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx



SYMPTOMS
Outlook 98 does not read certificates created by Microsoft Certificate Server. Outlook 98 is sensitive to the contents of the KeyUsages field. Specifically, if either KeyEncipherment or DigitalSignature is used, then both must be set.



CAUSE
The default policy module shipped with the Windows NT Option Pack only sets KeyEnchipherment and not DigitalSignature. Therefore, Outlook 98 does not read certificates created by Certificate Server running the default policy module.



RESOLUTION
To resolve this problem, obtain the latest service pack for Windows NT 4.0 or Windows NT Server 4.0, Terminal Server Edition. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

152734 How to Obtain the Latest Windows NT 4.0 Service Pack



WORKAROUND
You can also work around this issue by modifying the default policy module to set both KeyEncipherment and DigitalSignature or neither when you are issuing mail certificates.



STATUS
Microsoft has confirmed this to be a problem in Internet Information Server version 4.0. This problem was first corrected in Windows NT 4.0 Service Pack 4.0 and Windows NT Server 4.0, Terminal Server Edition Service Pack 4.



MORE INFORMATION
The source code for the default policy module is available as part of the Windows Base Services component of the Platform SDK from MSDN.

