I previously asked this question here, where I got redirected here:
http://answers.microsoft.com/en-us/office/forum/office_2013_release-outlook/mail-to-x509-certificates-subjectalternativename/c8ccc080-56e5-4061-9932-503c9ae39cac?tm=1392304489338
We have mail certificates (x509) with two mail addresses. The main one is in the field Subject/emailAddress. This main one and another are also in the field subjectAlternativeName of the X509v3 extension. It looks like this: http://pastebin.com/W50JHabW
Upon company entrance, each employee gets his certificate+key (P12) and the root certificate of the company which all certificates are signed with (PEM). He sets up his certificate in Outlook (we use version 2013 with Office365*) and also uploads it to the GAL. This works perfectly when everybody only uses the primary mail address from the Subject field.
The issue is, when an email is addressed to the (shorter) alternative mail address and encryption is selected in the options, an error message comes up when trying to send the mail:
https://dl.dropboxusercontent.com/u/18781464/tmp/mailencryption1.png
It says "encryption problems - There are problems with encrypting the mail for one of the listed receivers. You may continue, but the mail won't get encrypted in that case."
The certificates are created using OpenSSL, following this example: http://wiki.cacert.org/FAQ/subjectAltName The only difference is, in the section alt_names, we don't use the subjectAlternativeName field for alternative DNS names, but for alternative e-mail addresses. For this, we use the field names email.1, email.2, etc. The creation of the certificates is successful and the certificates can be displayed using OpenSSL or Windows Crypto Extensions.
How can I get this working in Outlook 2013?
*) The Office365 phone support redirected me to Outlook support (see first sentence), which redirected me here.
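As an added example (not part of the question above), the following shell script reproduces the certificate layout described in the question with OpenSSL (primary address in Subject/emailAddress, primary plus short alias in subjectAltName via email.1/email.2) and then checks which recipient addresses a given certificate actually binds, which is the first thing to verify before blaming the mail client. All names and addresses are constructed; only the `openssl` CLI is assumed.

```shell
#!/bin/sh
# Added example: build a test mail certificate with two rfc822Name SAN
# entries and check which addresses it covers. Everything here is constructed.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal OpenSSL config mirroring the question: primary address in the
# Subject, primary and alias under alt_names (email.1, email.2 as on the
# CAcert wiki). Constructed names only.
cat > "$WORK/san.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_mail
prompt = no

[ dn ]
CN = Example User
emailAddress = example.user@corp.example.com

[ v3_mail ]
subjectAltName = @alt_names
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = emailProtection

[ alt_names ]
email.1 = example.user@corp.example.com
email.2 = user@example.com
EOF

# make_test_cert: self-signed test cert from the config; prints its path
make_test_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$WORK/san.cnf" \
    -keyout "$WORK/key.pem" -out "$WORK/cert.pem" 2>/dev/null
  echo "$WORK/cert.pem"
}

# cert_emails CERT: every address bound in Subject/emailAddress or SAN rfc822Name
cert_emails() {
  openssl x509 -in "$1" -noout -email | sort -u
}

# cert_covers CERT ADDRESS: exit 0 if the certificate binds ADDRESS (case-insensitive)
cert_covers() {
  cert_emails "$1" | grep -qix -- "$2"
}

# report_uncovered CERT ADDR...: print each recipient the certificate does not cover
report_uncovered() {
  cert="$1"; shift
  for addr in "$@"; do cert_covers "$cert" "$addr" || echo "$addr"; done
}
```

Running `report_uncovered cert.pem alias@example.com` against a certificate exported from the GAL shows whether the alias is really present in the SAN; if it is, the problem is in the client's address-to-certificate matching, not in the certificate.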