|
|
"Your digital ID name cannot be found by the underlying security system".
This is the error message I continually receive whenever I try to send a
signed email.
I purchased and loaded a VeriSign Digital ID. All went well. Everything
seems to be in place where it should be. Loaded in IE and associated with
Outlook. This is all on my stand-alone home computer running a DSL connection.
Windows XP
IE7
SP2
Outlook 2003
I have written VeriSign abpout this error and have mostly received form
responses refering to help pages on their site. I have followed all the
advice and still no remedy.
Has anyone run into this issue and had it resolved, so that the Verisign ID
will work with signing outgoing email?
Any advice would be appreciated.
Michael
|
|
rev michael <revmichael[ at ]discussions.microsoft.com> wrote:
[Quoted Text] > "Your digital ID name cannot be found by the underlying security
> system". This is the error message I continually receive whenever I
> try to send a signed email.
>
> I purchased and loaded a VeriSign Digital ID. All went well.
> Everything
> seems to be in place where it should be. Loaded in IE and associated
> with Outlook. This is all on my stand-alone home computer running a
> DSL connection.
Describe the exact steps you took to load the ID and "associate" it with
Outlook.
--
Brian Tillman
|
|
"Brian Tillman" wrote:
[Quoted Text] > Describe the exact steps you took to load the ID and "associate" it with
> Outlook.
--
Brian Tillman
Brian -
Thank you for your response to my issue. As a novice to all this I will try
to do my best in explaining the steps taken and the error encountered.
Initial Purchase and Procedure:
* I purchased a VeriSign Digital ID, for the purpose of “signing†and
“encrypting†out-going email messages
* after the initial purchase process, I received an email from VeriSign with
Digital ID Pin #. I highlighted and copied this pin
* I then went to the VeriSign Digital ID Center, and pasted the pin in the
appropriate field and then submitted it for installation
* the installation process proceeded and a final message was received that
the VeriSign Digital ID had been properly installed in my system
* I went to IE7/Tools/Internet Options/Content/Certificates and assured that
my digital ID had been installed. It was listed there
* I then followed the instructions from the VeriSign “What Do You Do Next?â€
page, and associated my new ID with my email program, which is Outlook 2003
* in Outlook I went to Tools/Options/Security tab
* I then chose my digital ID for “signing†emails. My digital ID was
properly listed in the choice list (it was the only one listed). I repeated
this for choosing my digital ID for “encrypting†emails
* theoretically, I should be all set to go at this point
The Error Encountered:
* I opened a new email message - wrote my message - chose my intended
recipients - then clicked the “sign†email button in my Outlook toolbar - and
then clicked on Send.
* after a long pause I then received the error message, “Your digital ID
name cannot be found by the underlying security systemâ€
Steps Taken to Try to Correct The Error:
* I checked IE7 to assure that my certificate was still listed - it was
* I double-checked Outlook to assure that my cert was still chosen for
signing and encrypting - they were
* I have had many email exchanges with VeriSign ID support. Received back
mostly form letters stating that I had not followed instructions and
“associated†my ID with Outlook
* I have replaced the original certificate three times, but have continued
to encounter the exact same error issue
* the first time I replaced the original certificate, I simply went to the
appropriate VeriSign page - and selected replacement of certificate. I
followed the proper install/association steps, as outlined above. Still
encounter the same error message
* before the next two replacements, I first deleted my existing certificate
in IE7, and then checked Outlook to assure that the certificate was still not
listed. It was not. I then replaced the cert. Again all steps seemed to work
as they should. However, I still encountered the same error message.
Side Fact:
* Several months ago I had first downloaded and installed (using the above
mentioned steps) a “trial†version of the digital ID. It all worked great.
Whenever I used the feature, all went as it should, and I never encountered
any error messages of any kind. It has only been since an installation of a
full new certificate that this same error of “Your digital ID name cannot be
found by the underlying security system†keeps occurring.
As posted earlier, my OS and programs are:
* XP (w/the latest SP2)
* IE7
* Outlook 2003
I trust that these details may be somewhat helpful in attempts to resolve
this error issue. I certainly appreciate all the help I can received from
those more technical experts than myself.
Again, thank you in advance for all your assistance with this frustrating
problem.
Michael
|
|
rev michael <revmichael[ at ]discussions.microsoft.com> wrote:
[Quoted Text] > Initial Purchase and Procedure:
....snip...
That should be correct. One thing I'd like to to check, though. In
IE>Tools>Internet Options>Content>Certificates, select yuor certificate,
click Export, then Next. Make sure you have two radio buttons, one to
exporting the private key and one to not export it. Make sure they are both
active. (Were I you, I'd select the button to export the private key and
continue the export process so that I had a copy of my key in a file. I'd
also put a copy on a diskette and, perhaps, on a memory stick so that I had
a copy in case something were to happen to my PC.)
> The Error Encountered:
> * I opened a new email message - wrote my message - chose my intended
> recipients - then clicked the “sign†email button in my Outlook toolbar -
> and
> then clicked on Send.
> * after a long pause I then received the error message, “Your digital ID
> name cannot be found by the underlying security systemâ€
....snip...
> Steps Taken to Try to Correct The Error:
....snip...
> Side Fact:
....snip...
Well, you've done everything I can think of with one exception: a new
WIndows user profile. A bit of overkill, perhaps, though. Sorry I can't be
more helpful.
--
Brian Tillman
|
|
Brian -
You have been very helpful, although the issue has not been rectified yet.
I followed your advice to export the newly replaced certificate (yes, I
tryied that again - a replacement cert). When doing so I found that the
export private key radio button was dimmed, and received the message that the
export wizard could not locate the private key. I am back with emails to
VeriSign to find out what is happening with the private key, and hope to hear
back from them tomorrow (5/16).
Based upon what I just shared, is there any explanations you can offer?
Thanks for hanging in there with me. Because of your suggestion I at least
might have another clue into the mystery.
Again, Thanks!
Michael
"Brian Tillman" wrote:
[Quoted Text] > rev michael <revmichael[ at ]discussions.microsoft.com> wrote:
>
> > Initial Purchase and Procedure:
> ....snip...
>
> That should be correct. One thing I'd like to to check, though. In
> IE>Tools>Internet Options>Content>Certificates, select yuor certificate,
> click Export, then Next. Make sure you have two radio buttons, one to
> exporting the private key and one to not export it. Make sure they are both
> active. (Were I you, I'd select the button to export the private key and
> continue the export process so that I had a copy of my key in a file. I'd
> also put a copy on a diskette and, perhaps, on a memory stick so that I had
> a copy in case something were to happen to my PC.)
>
> > The Error Encountered:
> > * I opened a new email message - wrote my message - chose my intended
> > recipients - then clicked the “sign†email button in my Outlook toolbar -
> > and
> > then clicked on Send.
> > * after a long pause I then received the error message, “Your digital ID
> > name cannot be found by the underlying security systemâ€
> ....snip...
> > Steps Taken to Try to Correct The Error:
> ....snip...
> > Side Fact:
> ....snip...
>
> Well, you've done everything I can think of with one exception: a new
> WIndows user profile. A bit of overkill, perhaps, though. Sorry I can't be
> more helpful.
> --
> Brian Tillman
>
>
|
|
rev michael <revmichael[ at ]discussions.microsoft.com> wrote:
[Quoted Text] > I followed your advice to export the newly replaced certificate (yes,
> I tryied that again - a replacement cert). When doing so I found that
> the export private key radio button was dimmed, and received the
> message that the export wizard could not locate the private key. I am
> back with emails to VeriSign to find out what is happening with the
> private key, and hope to hear back from them tomorrow (5/16).
That's a sign that your certificate was damaged somehow and could very well
account for the error.
--
Brian Tillman
|
|
Brian -
Well, I emailed VeriSign and advised them of the damaged certificate with
missing private key. Their reply was:
"Unfortunately, VeriSign only issues the license or certificate. If you are
having issues with the certificate with your mail software, please contact
you mail software vendor directly."
In short it seems that they claim that the cert, which I have replaced
several times now, is not damaged, and that it is only my system that is
screwing the process up. I have followed their directions to the "T", and
have associated the cert according to their specifications. I don't see where
I am going wrong here. Yet, everytime I try to export my installed cert to
another safe place, as you suggested, the wizard tells me that it cannot find
the private key.
Can it be that my Outlook 2003 only is causing the problem? I find that hard
to believe, since the wizard cannot find the private key even "before" I
associate it with Outlook.
Any other suggestions, or is this just a lost cause?
Thanks for the help. It is appreciated.
Michael
"Brian Tillman" wrote:
[Quoted Text] > rev michael <revmichael[ at ]discussions.microsoft.com> wrote:
>
> > I followed your advice to export the newly replaced certificate (yes,
> > I tryied that again - a replacement cert). When doing so I found that
> > the export private key radio button was dimmed, and received the
> > message that the export wizard could not locate the private key. I am
> > back with emails to VeriSign to find out what is happening with the
> > private key, and hope to hear back from them tomorrow (5/16).
>
> That's a sign that your certificate was damaged somehow and could very well
> account for the error.
> --
> Brian Tillman
>
>
|
|
Brian -
I don't know what to think. As another course of action, I subscribed to a
didgital id from another source, other than VeriSign, and received the exact
same results, when installing/associating.
Maybe it is some setting in my IE7, that does not allow in import of the
private key with the cert.
Michael
|
|
rev michael <revmichael[ at ]discussions.microsoft.com> wrote:
[Quoted Text] > I don't know what to think. As another course of action, I subscribed
> to a didgital id from another source, other than VeriSign, and
> received the exact same results, when installing/associating.
>
> Maybe it is some setting in my IE7, that does not allow in import of
> the private key with the cert.
We get certs from VeriSign and all allow the exportation of the private key,
except for those who decided not to back up their certs as I told them to
when they requested one, and then changed their PC or user account and
wonder why they can't read encrupted mail any more. I use IE7 and don't
have the problem you describe.
While I don't understand the underlying data structures of the crytpo store
IE uses, may things can go wrong. With about 150 people here having
certificates, I've run into a lot of them. Unless you have your own PKI
infrastructure with private key recovery, certs tend to be fragile, at least
in my opinion. Your symptoms sound to me like a damaged WIndows user
profile. Is there any way you could try this with a new Windows user? You
might have to get a new cert to test or, perhaps, try to download it again
from VeriSign. Thawte provides free mail certs for personal use, I believe,
and you could test with one of those.
--
Brian Tillman
|
|
|