
Wednesday, August 10, 2011

Clearing certificates from the Global Address List (GAL)

I worked with a company recently to deploy certificates for S/MIME encryption and signing.  They had an old Microsoft PKI that had issued certificates to all of their users, but in traditional fashion - nobody knew who installed it, or who was responsible for it.

After setting them up on our Managed Service Eval, we began issuing certificates to each of their users for testing purposes.  While e-mails would get encrypted OK, nobody could decrypt them.  They got the super informative message from Outlook: "Your digital ID name cannot be found by the underlying security system."  It turns out everyone had one or more Microsoft certificates published to the GAL, but nobody had the corresponding private keys on their computers.
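One way to confirm this condition on an affected workstation (an added example, not part of the original post): list the certificates published on your own directory entry and flag any without a matching private key in your personal store. It assumes the GAL entries are backed by the Active Directory attribute `userCertificate`, a domain-joined machine, and PowerShell 5 or later.

```powershell
# Added example: compare the certificates published on your own directory
# entry with the ones this machine can actually decrypt with.
# Assumption: the GAL entries live in the AD attribute userCertificate.

# Find the signed-in user's directory entry (default domain, current credentials).
$searcher = [adsisearcher]"(&(objectCategory=person)(sAMAccountName=$env:USERNAME))"
[void]$searcher.PropertiesToLoad.Add('usercertificate')
$entry = $searcher.FindOne()
if (-not $entry) { throw "No directory entry found for $env:USERNAME" }

# Thumbprints of personal-store certificates whose private key is present here.
$usable = @{}
Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.HasPrivateKey } |
    ForEach-Object { $usable[$_.Thumbprint] = $true }

# Each attribute value is one DER-encoded certificate.
$report = @(foreach ($der in $entry.Properties['usercertificate']) {
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new([byte[]]$der)
    [pscustomobject]@{
        Subject         = $cert.Subject
        Issuer          = $cert.Issuer
        NotAfter        = $cert.NotAfter
        Thumbprint      = $cert.Thumbprint
        PrivateKeyLocal = $usable.ContainsKey($cert.Thumbprint)
    }
})

$report | Sort-Object NotAfter | Format-Table -AutoSize

# Published certificates nobody here can decrypt with are the ones to clear.
$orphans = @($report | Where-Object { -not $_.PrivateKeyLocal })
if ($orphans.Count -gt 0) {
    Write-Warning ("{0} published certificate(s) have no private key in Cert:\CurrentUser\My; mail encrypted to them cannot be opened on this machine." -f $orphans.Count)
}
```

Running it again after republishing should show only certificates with `PrivateKeyLocal` set to `True`.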

To resolve this issue, we had to remove the old certificates from the GAL, and then publish the correct ones again.  To do this:

  • Open up the Trust Center from Outlook Options
  • "Trust Center Settings..."
  • "E-mail Security"
  • "Settings" (to the right of Default Setting:)
  • "Delete"
  • Close the Settings dialog
  • Select "Publish to GAL..."  It will ask you if you want to remove your existing published settings.
  • Select "Settings" again, and set your default security settings.
  • Select "Publish to GAL..." to publish your latest certificates...

For those that are interested, I've recorded a video of how to do this in Outlook 2010:



8 comments:

  1. I really like your blog. I look forward to seeing it once. Keep up the good job.

    intouch smartcards
    Smartcard readers

  2. I have to say I fought the old cert issue in my GAL for weeks. No one could figure how to clear out the old certs and I kept getting encrypted email using a cert I no longer had the priv key for. It would show both my certs in the GAL but default to the old one. This was a lifesaver. I am back in business. Thanks!


  3. Thanks for sharing information. Here is the information of IDENTIS that manufactures RFID tags:
    Smart Card

  4. Thanks for nice information blog post. Security is basic key to protect your home and family from thieves and criminals. I use wireless burglar alarm system to secure my home premises and family. It is affordable and easy to install. It easily access on your smartphone and you can monitor your home premises 24/7 day and night.

  5. 2020 and this solution still works. You rock, man. Thank you.
