URGENT REQUEST: Certificates won't sign message

Hello All:

I have a real poser, and urgently need help.

When in the Domain (which XP Home cannot apparently belong, I was able to
request a certificate from the Enterprise CA I installed. This worked
wonderfully, but for whatever reason, it no longer does. I get a message
that "Outlook cannot digitally sign the message" for my email address.

I must have done something wrong, or not done something right. Is there a
Certificate Request file I should import? All of the certificates that
install are the IUSER_ certificates when I request a certificate from the
Enterprise CA (eg. //servername/certsrv.), even if I browse it from inside
Outlook 2002. I do have an OE client on another machine that doesw work,
but exporting the certificate then importing in XP still does not work.
PLEASE, oh PLEASE HELP.

1) Are you at a different computer than you used when you originally used
the certificate
2) Are you using the same email name
3) Were you allowed to export the certificate and its private key at the
original computer
4) If you are requesting certificate as IUSR_, then you are not
authenticating with the CA, you are coming in as an anonymous user

For email signing to work, the name in the subject/SAN of the certificate
must match the email name you use to send email
Brian

"WindowsServerAvatar" wrote in message
...
Hello All:

I have a real poser, and urgently need help.

When in the Domain (which XP Home cannot apparently belong, I was able to
request a certificate from the Enterprise CA I installed. This worked
wonderfully, but for whatever reason, it no longer does. I get a message
that "Outlook cannot digitally sign the message" for my email address.

I must have done something wrong, or not done something right. Is there a
Certificate Request file I should import? All of the certificates that
install are the IUSER_ certificates when I request a certificate from the
Enterprise CA (eg. //servername/certsrv.), even if I browse it from inside
Outlook 2002. I do have an OE client on another machine that doesw work,
but exporting the certificate then importing in XP still does not work.
PLEASE, oh PLEASE HELP.

1) I am using a different computer
2) Yes
3) No. It does not export the keys

This was a two-pronged question, actually. Important to get the sigs to
work, but more important is a way the requests can be processed offline.
Looked at Shawn Raybourns PPT, but it doesn't delve into creating
certificates for people, just web servers.

I think I need an example of using the utilities, apparently, for just
signing John G. Does emails for , or how to
authenticate with the CA from XP (e.g. force a logon, I guess).

"Brian Komar" wrote in message
...
1) Are you at a different computer than you used when you originally used
the certificate
2) Are you using the same email name
3) Were you allowed to export the certificate and its private key at the
original computer
4) If you are requesting certificate as IUSR_, then you are not
authenticating with the CA, you are coming in as an anonymous user

For email signing to work, the name in the subject/SAN of the certificate
must match the email name you use to send email
Brian

"WindowsServerAvatar" wrote in message
...
Hello All:

I have a real poser, and urgently need help.

When in the Domain (which XP Home cannot apparently belong, I was able to
request a certificate from the Enterprise CA I installed. This worked
wonderfully, but for whatever reason, it no longer does. I get a message
that "Outlook cannot digitally sign the message" for my email address.

I must have done something wrong, or not done something right. Is there
a
Certificate Request file I should import? All of the certificates that
install are the IUSER_ certificates when I request a certificate from the
Enterprise CA (eg. //servername/certsrv.), even if I browse it from
inside
Outlook 2002. I do have an OE client on another machine that doesw work,
but exporting the certificate then importing in XP still does not work.
PLEASE, oh PLEASE HELP.

Thank-you for your assistance: The Intranet server was using Integrated
Authentication, but from XP home, of course it did not. Now the question
is, how can this domain CA issue certificates for trusted entities. Does
this require other counterparties users be identified in this instance of
active directory, or is there a way to create a seperate domain for them if
that is what is required.

"Brian Komar" wrote in message
...
1) Are you at a different computer than you used when you originally used
the certificate
2) Are you using the same email name
3) Were you allowed to export the certificate and its private key at the
original computer
4) If you are requesting certificate as IUSR_, then you are not
authenticating with the CA, you are coming in as an anonymous user

For email signing to work, the name in the subject/SAN of the certificate
must match the email name you use to send email
Brian

"WindowsServerAvatar" wrote in message
...
Hello All:

I have a real poser, and urgently need help.

When in the Domain (which XP Home cannot apparently belong, I was able to
request a certificate from the Enterprise CA I installed. This worked
wonderfully, but for whatever reason, it no longer does. I get a message
that "Outlook cannot digitally sign the message" for my email address.

I must have done something wrong, or not done something right. Is there
a
Certificate Request file I should import? All of the certificates that
install are the IUSER_ certificates when I request a certificate from the
Enterprise CA (eg. //servername/certsrv.), even if I browse it from
inside
Outlook 2002. I do have an OE client on another machine that doesw work,
but exporting the certificate then importing in XP still does not work.
PLEASE, oh PLEASE HELP.