
Wednesday, August 10, 2011

Clearing certificates from the Global Address List (GAL)

I worked with a company recently to deploy certificates for S/MIME encryption and signing. They had an old Microsoft PKI that had issued certificates to all of their users, but in traditional fashion, nobody knew who installed it, or who was responsible for it.

After setting them up on our Managed Service Eval, we began issuing certificates to each of their users for testing purposes. While e-mails would get encrypted OK, nobody could decrypt them. They got the super informative message from Outlook: "Your digital ID name cannot be found by the underlying security system." It turns out everyone had one or more Microsoft certificates published to the GAL, but nobody had the corresponding private keys on their computers.

To resolve this issue, we had to remove the old certificates from the GAL, and then publish the correct ones again. To do this:

  • Open the Trust Center from Outlook Options
  • Click "Trust Center Settings..."
  • Select "E-mail Security"
  • Click "Settings" (to the right of "Default Setting:")
  • Click "Delete"
  • Close the Settings dialog
  • Select "Publish to GAL...". It will ask you whether you want to remove your existing published settings.
  • Select "Settings" again, and set your default security settings.
  • Select "Publish to GAL..." to publish your latest certificates.
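Before clearing anything, it helps to see exactly which certificates are sitting in the GAL for a given user and whether the matching private key actually exists on that user's machine. The PowerShell script below is an added example, not code from the original post: it reads the certificates published to the GAL (Outlook stores them in the Active Directory userCertificate attribute) and compares their thumbprints against the certificates with private keys in the current user's personal store. Any published certificate with no local private key is one that other people will encrypt to and that you will not be able to decrypt, which is the symptom described above. It assumes a domain-joined Windows host, that it is run as the user being checked (so Cert:\CurrentUser\My is the right store), and the parameter name $SamAccountName is my own.

```powershell
# Added example (not from the original post): list a user's certificates published to
# the GAL and flag those with no matching private key on this machine or already expired.
# Assumptions: domain-joined host, run as the user being checked, $SamAccountName is an
# assumed parameter name.
param(
    [string]$SamAccountName = $env:USERNAME
)

function Get-GalPublishedCertificates {
    param([string]$Sam)
    # Search the default naming context for the user object by sAMAccountName
    $searcher = [adsisearcher]"(&(objectCategory=person)(sAMAccountName=$Sam))"
    [void]$searcher.PropertiesToLoad.Add('userCertificate')
    $entry = $searcher.FindOne()
    if ($null -eq $entry) { throw "No AD user found for sAMAccountName '$Sam'" }
    # userCertificate is multi-valued; each value is one DER-encoded certificate
    foreach ($der in $entry.Properties['usercertificate']) {
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
    }
}

# Only certificates whose private key is present locally can decrypt mail sent to them
$localThumbs = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey } |
    ForEach-Object { $_.Thumbprint }

$report = foreach ($cert in Get-GalPublishedCertificates -Sam $SamAccountName) {
    [pscustomobject]@{
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        NotAfter    = $cert.NotAfter
        Thumbprint  = $cert.Thumbprint
        Expired     = ($cert.NotAfter -lt (Get-Date))
        HasLocalKey = ($localThumbs -contains $cert.Thumbprint)
    }
}

$report | Format-Table -AutoSize

# Anything published that is expired or has no local private key is a stale GAL entry
$stale = @($report | Where-Object { -not $_.HasLocalKey -or $_.Expired })
if ($stale.Count -gt 0) {
    $msg = "{0} published certificate(s) have no local private key or are expired; " +
           "mail encrypted to them cannot be decrypted here. Clear them from the GAL and republish."
    Write-Warning ($msg -f $stale.Count)
}
```

Run it as the affected user and look at the HasLocalKey column: a row showing False for a certificate issued by the old internal CA is exactly the orphaned entry that the delete-and-republish steps above remove. Note that Outlook may also write the userSMIMECertificate attribute (a PKCS#7 blob with the user's S/MIME capabilities); this script does not parse that attribute, so treat it as a first check rather than a complete inventory.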

For those that are interested, I've recorded a video of how to do this in Outlook 2010: