Secure Email Certificate Not Available in Trust Center Settings

Hello,

I was advised by a Microsoft Support Engineer to post this question here.

I tried Googling this, but have not found an answer.  The following information is taken from this article:  http://support.microsoft.com/kb/2482059.

  1. In Outlook, click the File tab on the Ribbon, and then click Options.
  2. In the Outlook Options dialog box, click Trust Center in the navigation pane on the left side.
  3. Click the Trust Center Settings button in the details pane on the right side.
  4. In the Trust Center dialog box, click E-mail Security in the navigation pane on the left side.
  5. Click the Settings button in the details pane on the right side.

If the Signing Certificate and Encryption Certificate text boxes are blank, these blank boxes indicate that Outlook cannot automatically associate an S/MIME certificate with the email address that is specified in your email account. To try to configure the certificate(s) manually, click the Choose buttons.

***

What if the certificate does not appear on the list when the Choose button is clicked?

I have a customer who requested a new certificate from our CA to be used for encrypted email.  I have confirmed that the certificate is valid, meets all our requirements for a secure email certificate, is not expired, has been properly installed and appears in the Personal store on the local machine.  However, it does not appear as an option when he clicks the Choose button.

What would cause this behavior?

Thanks in advance for any help that you can offer!

--Tom

June 19th, 2014 5:33pm

Hi,

I'm currently doing research on this issue. First, make sure your Office has been fully patched, and check if this helps.

We can also create a new Outlook Profile to perform the steps again, check if it makes a difference:

http://support.microsoft.com/kb/829918/en-us

Regards,

Melon Chen
TechNet Community Support

June 24th, 2014 4:24pm

Thanks for the reply.  My apologies for not getting back to you sooner.

I was finally able to get in touch with my customer, and they confirmed that the machine is fully patched and that a profile rebuild did not resolve the issue.  Also, I had our AD Administrator confirm that the certificates requested by the customer are valid.  The level one tech that I am working with has indicated that they can install the certificate and that it is visible in the local store and in AD (On the Published Certificates tab).  It seems like it should work, but when they go to manually configure the certificates in the Trust Center, the certificate simply does not appear as an option.

--Tom

August 4th, 2014 5:18pm

The level 1 tech that I was working with never returned any of my emails or voice mails, and so I was unable to gather information and update this thread.

However, I recently ran across this issue again with a different user, and since I was working the issue myself, I was able to figure out the problem.  Basically, the email encryption certificate did not contain a private key.  Encrypted email cannot be decrypted without the private key, so while the certificate showed valid dates and was installed on the machine, it could not be used for decrypting email.  Outlook will not even list certificates that do not contain a private key.

As for the situation that prompted me to create the original post, I am uncertain exactly what happened in that case since it was supposedly a new certificate requested from the CA, but the bottom line is that a certificate without a private key fully explains all the symptoms originally reported.  I suspect there was more to the story that I was never told and that it was also a case of a missing private key.

--Tom

  • Marked as answer by thomasm516 14 hours 13 minutes ago
February 27th, 2015 4:20pm
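
One way to check for the condition described in the accepted answer, as an added example that is not part of the original thread: this PowerShell lists each certificate in a personal store with its e-mail name, validity, Secure Email EKU status and whether a private key is associated with it. The default store path (the current user's Personal store) and all variable names are assumptions.

```powershell
# Added example (not from the thread): report which certificates in a
# personal store could serve as S/MIME certificates and which lack a private key.
param(
    # Assumption: the user's Personal store; change if the certificate is elsewhere.
    [string]$StorePath = 'Cert:\CurrentUser\My'
)

$secureEmailOid = '1.3.6.1.5.5.7.3.4'   # Secure Email (emailProtection) EKU
$now            = Get-Date
$ekuType        = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$emailName      = [System.Security.Cryptography.X509Certificates.X509NameType]::EmailName

Get-ChildItem -Path $StorePath | ForEach-Object {
    $cert = $_

    # A certificate with no EKU extension is not restricted to specific purposes.
    $ekuExt = $cert.Extensions | Where-Object { $_ -is $ekuType } | Select-Object -First 1
    if ($null -eq $ekuExt) {
        $emailEku = 'unrestricted'
    }
    elseif (@($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $secureEmailOid) {
        $emailEku = 'yes'
    }
    else {
        $emailEku = 'no'
    }

    [pscustomobject]@{
        Email          = $cert.GetNameInfo($emailName, $false)   # from SAN or subject
        Thumbprint     = $cert.Thumbprint
        NotAfter       = $cert.NotAfter
        WithinValidity = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        SecureEmailEku = $emailEku
        HasPrivateKey  = $cert.HasPrivateKey   # False matches the symptom in this thread
    }
} | Sort-Object HasPrivateKey | Format-Table -AutoSize
```

A row that shows valid dates and a Secure Email EKU but `HasPrivateKey` as `False` corresponds to the case described above.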

This topic is archived. No further replies will be accepted.
