OL2002: Warning Error Message Appears When You Open a Certificate in an E-mail Message (278207)



The information in this article applies to:

  • Microsoft Outlook 2002
  • Microsoft Exchange 2000 Server

This article was previously published under Q278207
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

SYMPTOMS

When you receive an e-mail that has a certificate, the following Certificate Revocation List (CRL) error message may appear when you open the certificate in the e-mail message:
The digital signature on this message is invalid because there are problems with the certificate accompanying this message.
When you click Details, the following error messages are listed:
Error:
The system cannot validate the certificate used to create this signature because the issuer's certificate is either unavailable or invalid.

The system cannot determine whether the certificate used to create this signature is trusted or not.

This behavior occurs when the e-mail is sent through a computer that runs Exchange 2000 Server with Key Management Server (KMS).

CAUSE

This behavior can occur because Exchange 2000 Server does not install the CRL distribution extension in the registry by default.

WORKAROUND

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To work around this behavior, add a registry key to enable CRL:
  1. Start Registry Editor (Regedt32.exe).
  2. Locate and click the following key in the registry:

    HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook

  3. On the Edit menu, click New, and then click Key.
  4. Type Security to name the new subkey, and then click this new subkey.
  5. On the Edit menu, click Add Value, and then add the following registry value:

    Value name: UseCRLChasing
    Data type: REG_DWORD
    Radix: Hexadecimal
    Value data: 1

    Other values you can use are 0 (zero) to use the system default, or 2 to never check for CRLs.

  6. Quit Registry Editor.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Modification Type:MajorLast Reviewed:10/31/2003
Keywords:kbbug kbenv kbpending KB278207