Microsoft KB Archive/278207

= OL2002: Warning Error Message Appears When You Open a Certificate in an E-mail Message =

Article ID: 278207

Article Last Modified on 2/21/2007

-

APPLIES TO


 * Microsoft Outlook 2002 Standard Edition
 * Microsoft Exchange 2000 Server Standard Edition

-



This article was previously published under Q278207



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
When you receive an e-mail that has a certificate, the following Certificate Revocation List (CRL) error message may appear when you open the certificate in the e-mail message:

The digital signature on this message is invalid because there are problems with the certificate accompanying this message.

When you click Details, the following error messages are listed:

Error:

The system cannot validate the certificate used to create this signature because the issuer's certificate is either unavailable or invalid.

The system cannot determine whether the certificate used to create this signature is trusted or not.

This behavior occurs when the e-mail is sent through a computer that runs Exchange 2000 Server with Key Management Server (KMS).



CAUSE
This behavior can occur because Exchange 2000 Server does not install the CRL distribution extension in the registry by default.



WORKAROUND
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To work around this behavior, add a registry key to enable CRL:  Start Registry Editor (Regedt32.exe). Locate and click the following key in the registry:

HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook

 On the Edit menu, click New, and then click Key. Type Security to name the new subkey, and then click this new subkey. On the Edit menu, click Add Value, and then add the following registry value:

Value name: UseCRLChasing

Data type: REG_DWORD

Radix: Hexadecimal

Value data: 1

Other values you can use are 0 (zero) to use the system default, or 2 to never check for CRLs.

 Quit Registry Editor.</li></ol>

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Keywords: kbbug kbenv kbpending KB278207

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.