Hello, I tried to generate a certificate that would be used to encrypt and sign mail in Outlook.
I has generated certificate with appropriate value for mail address (X509Name.E) in the certificate Subject. The values for "Key Usage" are "Digital Signature, Key Encipherment (a0)". The values for "Extend Key Usage" have the values: "Secure Email (1.3.6.1.5.5.7.3.4), Client Authentication (1.3.6.1.5.5.7.3.2) " The value of "Subject Alternative Name" has value: RFC822 Name = <email address>. When the generated certificate has imported into the Windows, Current user->Personal Store, under the certificate purpose(s) I only see message: "Provides your identity to a remote computer". There is NO message "Protects e-mail messages" but inside the section "Extend Key Usage" exist value "Secure Email (1.3.6.1.5.5.7.3.4)" ?! This seems very illogical to me ?! When I try to sign or encrypt the message with such generated certificate from Outlook (of course, I tried to encrypt message with another certificate generated in the same way for mail recipient email address) Outlook displays the message: "Microsoft Outlook cannot sign and encrypt this message because there are no a certificate that can be used to send from the e-mail address ... ". Does anyone have an idea of the problem and why a certificate in a Windows certificate store DOES NOT show message "Protects e-mail messages"? Thanks in advance, Best regards --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
