Hi Everyone,
I've been given a task of implementing encryption on email client level, as the corporate email server is hosted and managed by a third-party company. First I tested a solution with free Comodo certificates, which worked perfectly fine, but as they're free only for personal and not commercial use, I wanted to test a solution with certificates issued and signed by a local CA server.
For some reason (simplicity, I guess) I decided it is easier to use Linux for issuing the certificates, so I installed openssl, issued a CA certificate and client certificates signed by the CA certificate, imported all certificates into the local certificate stores of the computers in my testing environment (client certificates to the computers' Personal certificate stores and the CA certificate to the Trusted Root Certification Authorities store), then imported client certificates into Outlook through Trust Center, exchanged digital signatures between accounts, imported public keys of other contacts into my address book (I also added my contact and its digital signature to my address book and did the same for every other client) and it seemed to work fine. After exchanging a couple of encrypted emails between accounts, a message "Cannot open this item. Your Digital ID name cannot be found by the underlying security system" started popping up every time I wanted to read an encrypted message. The same thing happens even when I try opening an encrypted message in the Sent Items folder that I have just sent (we use Microsoft Outlook 2007 SP3 and all accounts are configured as POP3 using SSL/TLS connections). After restarting the computers, everything seems to work fine again, but exactly the same thing happens after sending or receiving a few encrypted emails.
All computers are members of the Windows domain (both forest and domain functional level is Windows 2003). All computers I used for testing are Windows XP SP3 32-bit or Windows XP SP2 64-bit. I imported certificates to local certificate stores, didn't distribute them through GP.
Does anybody know a solution to this problem or has anyone had any similar issues? Also, my other concern is accessing archived encrypted emails. Will clients be able to open emails after their certificates expire or are revoked?
Thank you in advance!
NB