In previous versions of Outlook (e.g. 2010) when you received an S/MIME signed certificate from an external party you could right click on their name in the message and select "Add to Outlook Contacts". This would then store the cert in a contact for future use. If a contact already existed then it would prompt you to update the contact with the additional information including the certificate.

In Outlook 2013 this process appears to be broken (for existing contacts at least).

When right-clicking on their name in a signed message you don't get the "Add to Outlook Contacts" option. You only get "Edit Contact" which brings up the new "Contact Card" dialog which has no information about certificates. If you make a change there and save then the certificate is not stored in the contact.

You can confirm this by right-clicking the sender in the signed email and selecting "Open Outlook Properties" (do not select "Open Contact Card"). In this view click the "Certificates" button in the header and you will see that there are no certificates associated with the contact.

You can, I guess, export the certificate to disk and then import it into the contact via the Outlook Properties dialog but this is tedious.

Any ideas how to work around this and update an existing contact with an S/MIME certificate?

Any ideas why the certificate information is not accessible in the new Contact Card dialog? Seems unfortunate for those of us using S/MIME.

Hi Barry,

This is a quick note to let you know that I am trying to involve someone familiar with this topic to further look at this issue.

Hello, Barry.  This worked for me.  It was not intuitive, but access to the certificate info for a contact is dependent upon the view style of your contacts list.  See the "Add a recipient's digital ID to your Contacts" section on this page:

http://office.microsoft.com/en-us/outlook-help/get-a-digital-id-HA102748952.aspx

You can access the old familiar certificates dialog where you can manage and import certificates for a contact.  hope this helps.

• Marked as answer by Barry-C Wednesday, July 31, 2013 9:12 AM

Hello, Barry.  This worked for me.  It was not intuitive, but access to the certificate info for a contact is dependent upon the view style of your contacts list.  See the "Add a recipient's digital ID to your Contacts" section on this page:

http://office.microsoft.com/en-us/outlook-help/get-a-digital-id-HA102748952.aspx

You can access the old familiar certificates dialog where you can manage and import certificates for a contact.  hope this helps.

• Marked as answer by Barry-C Wednesday, July 31, 2013 9:12 AM

Okay just found this thread, but the problem I have is everytime I attempt to open the message with the S/MIME Certification my Outlook crashes.  Any thoughts here?

Joel

Hi Joel,

We found that to be a known issue with KB2817468 (July critical patch) and Outlook 2013. Removing this patch fixed the problem. Microsoft has acknowledged the problem (see the note at the top of http://support.microsoft.com/kb/2817468) and will, I presume, release a new patch at some point.

Hope that helps,

Barry.

Hi Barry,

As per the following article, http://office.microsoft.com/en-us/outlook-help/get-a-digital-id-HA102748952.aspx and specifically the following section: Add a recipient's digital ID to your Contacts, the ability to see the Certificates depends on the view in which you are opening the Contact card.

In the People or Business Card view we cannot see the Certificates button.

In the Card, Phone or the List view we can see the Certificates tab where the Certificates can be seen.

So to work around this behavior, for new contacts you should Add to Outlook Contacts and then go into the People Pane and Check the Certificates tab to get the cert details.

If you already have the contact added then it becomes a little tricky.

In that case the Certificate is not updated on the "old contact". In such cases I would delete the existing contact and from the latest e-mail that I received, I would Add to Outlook Contacts and that should then get you the new Cert that you received.

If you still cannot access the Certificate information, I would call in and work with someone from the Outlook team to assist you further with this request.

Hope this helps!

Kartik Kashinath MSFT

The method suggested by Kartik works, but is a nuisance because the old contact's information is lost when deleting the previous copy. The new one doesn't necessarily include all or the correct information.

Office 2010 used to correctly identify existing (duplicate) contacts and merge them.

Microsoft: Why has this functionality been lost or removed?

Hello rocketpaddy, this fix does not appear to work in Outlook 2013.  The only viable means of adding a digital certificate in 2013 seem to be contact deletion and recreation, or manual export and import of the certificate.

This Outlook 2013 flaw ranks right up there with the Junk Mail notification bug.  Why is there not a way to import a digital certificate directly into an existing contact, and why does junk mail trigger an email notification?  Neither of these problems existed in Outlook 2010 so how did Microsoft take a step backward and create these flaws in 2013?  Microsoft, are you listening, fix this...

You can turn on the old right click dialog again by configuring the turnonlegacygaldialog Registry key.
See: E-mail properties for contact addresses in Outlook 2013

That also applies to received message, not just the Contact item window.

As for the Junk E-Mail Notification, I can't repro that here. Which mail account type are you using?
When you select the message in your Junk E-mail folder, does the Infobar indicate that it was moved there by the Junk E-mail Filter itself or something else?
See: Safe-listed mail still ends up in Junk E-mail folder

When viewing the Contact Certificates, I can see the Import option, but I do not see the option to actually save the Certificate from the original email.  How does one do that so that it can be imported to the existing Contact? 

There is a way to update the contact, but contrary to the information provided in the "Get a digital ID" (http://office.microsoft.com/en-us/outlook-help/get-a-digital-id-HA102748952.aspx) article, clicking "Edit Contact" does not update the certificate.

To update the certificate for an existing contact:

1. Right click the contact name in a signed email.
2. Click "Open Outlook Properties"
3. Click "Add to Contacts" button
4. (Optional) Click "Certificates" in the ribbon bar and verify the certificate is present
5. Click "Save & Close"
6. You will get "Duplicate Contact Detected" window if the contact name already exists, leave "Update information of selected Contact." selected and click the "Update" button.

Your existing contact will now have the signing certificate listed under "Certificates".

This took us two days of research, trial and error to figure out.. hope it helps someone else save some time.

• Proposed as answer by Dan7237 Tuesday, April 29, 2014 2:51 PM

There is a way to update the contact, but contrary to the information provided in the "Get a digital ID" (http://office.microsoft.com/en-us/outlook-help/get-a-digital-id-HA102748952.aspx) article, clicking "Edit Contact" does not update the certificate.

To update the certificate for an existing contact:

1. Right click the contact name in a signed email.
2. Click "Open Outlook Properties"
3. Click "Add to Contacts" button
4. (Optional) Click "Certificates" in the ribbon bar and verify the certificate is present
5. Click "Save & Close"
6. You will get "Duplicate Contact Detected" window if the contact name already exists, leave "Update information of selected Contact." selected and click the "Update" button.

Your existing contact will now have the signing certificate listed under "Certificates".

This took us two days of research, trial and error to figure out.. hope it helps someone else save some time.

• Proposed as answer by Dan7237 Tuesday, April 29, 2014 2:51 PM

Step 2 does not work as there is no "Open Outlook Properties" option from right clicking the contact name in a signed (and encypted) e-mail.

These Microsoft folks are brain dead in not getting one of the most important mail functionality wrong.

It get's better. I added a certificate of a contact by export/import and mailed that contact an encrypted message. Inspected encryption properties of the send message, it stated under "Encryption Layer":

"OK: Protected by 168 bit 3DES encryption. Encrypted for <the sender's, i.e. my e-mail address>"

Really? It should actually be "Encypted for <the recipient's e-mail address>"

It get's even better. When viewing the details, you get presented with the sender's certificate. What a joke.

Dan7273,

This has worked from me in the past but when I get to step #4 the cert does not show up, even if I "trust Explicitly" and "Trust Certificate Source" (Comodo) WTF Microsoft, I concur with the rest of the folks, this worked just fine (if it's possible to say that about email encryption) why is this now broken, and even worse why has this not been fixed!?

• Edited by Big_Mark Monday, September 15, 2014 10:24 PM typo

Dan7273,

This has worked from me in the past but when I get to step #4 the cert does not show up, even if I "trust Explicitly" and "Trust Certificate Source" (Comodo) WTF Microsoft, I concur with the rest of the folks, this worked just fine (if it's possible to say that about email encryption) why is this now broken, and even worse why has this not been fixed!?

• Edited by Big_Mark Monday, September 15, 2014 10:24 PM typo

The only way Ive found that works is:

1. Click the certificate icon on the right side of the email.
2. Click details
3. Click on the signers cert (the bottom one in the tree)
4. Click view details
5. Click view certificate
6. Select Details tab
7. Select copy to file and save cert in a temporary location.
8. Close cert/signature windows, navigate to contact in the address book, open contact.
9. Click certificates
10. Click import, navigate to previously stored cert,
11. click open
12. Test by replying to sender with encrypted e-mail (which gives them your cert).

This worked for me in the past, but as of a few weeks ago, seems to have stopped.  I can save sender as new contact, but can only send encrypted in a reply to the recevied encrypted e-mail.

When you get to the "Details" tab at View Certificate, which line item are you selecting to copy?

I've tried this numerous times and I get the pop up 'Microsoft Outlook had problems encrypting this message....blah blah blah'. I checked to make sure the certificate is there under the individual's contact profile and I've even looked at the properties of the certificate to make sure it reflects what I see when I look at the digital id within the sender's email.

It's getting old password protecting a document when it is so much easier to send an encrypted email.

• Edited by Sergeant P 13 hours 28 minutes ago