Thursday, March 16, 2006

XP, Outlook & incoming message digital signatures

I started to get a let of emails that Outlook didn't like the look of. It's just In the sense that it complained it didn't know who signed them, and encouraged me to open it anyway.

All of these emails are from people in a closely related organisation, so I trust them. It's one of those commonplace organisational / IT snafus, where their IT group decide to faff about with their signatures, and not tell anyone else. Hooray for coordination.

The offending emails didn't open in the preview pane, I had to open a sub-window and choose 'View message', which is awkward.

From here, I found out the problem was that the signing was done ultimately from an unknown CA (they'd changed something...).

  1. by viewing the details of the message, and escalating the trust level, find the root (a whole lot of sub-windows are required for this...)
  2. save this certificate to disk somewhere
  3. open 'internet options' from control panel, and choose the 'content' tab
  4. choose the 'Certificates...' button in the middle Certificates section
  5. choose the 'Trusted Root Certification Authorities' tab
  6. choose 'Import...'
  7. browse to the cert file above, and choose it
  8. accept the rather odd warning
  9. close all windows
  10. close then open Outlook
  11. all messages appear as expected, but do have the signed 'rosetta' look about them

No comments: