UW Digital ID (Personal Certificate) - Troubleshooting - Usage (Windows)
This document will provide troubleshooting steps for various UW Digital ID issues on Windows.
Entrust Certificate Revocation
If your digital certificate is reporting as invalid, please check the issuer of that certificate. You can see this information by following the instructions to verify your certificate installation below.
If the issuer of that certificate is "Entrust Education Shared Service Provider," you are using an old, revoked certificate. As of October 31, 2016, all old Entrust certificate holders should be using Comodo certificates.
If you do not have a Comodo certificate, please contact UW Digital ID Administration at uwdigitalid@doit.wisc.edu for instructions to issue a new certificate to you.
Verifying Certificate Installation
You should ensure that your digital certificate is installed properly before troubleshooting. This will confirm that your certificate was properly downloaded and installed.
- Open the Windows menu and type certmgr.msc in the search bar, then select certmgr.msc from the search results.
- In the left-hand sidebar, click Personal > Certificates.
- Double-click your certificate. The Issued By column should say "COMODO SHA-256 Client Authentication and Secure Email CA."
- If you see the message "You have a private key that corresponds to this certificate," then your certificate is properly installed.
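The same check can be scripted. The following PowerShell is an added example, not part of the original document: it reads the current user's Personal store (the store certmgr.msc shows under Personal > Certificates) and classifies each certificate using the two issuer names quoted on this page. The function name, the status labels and the Secure Email usage check are assumptions added for illustration.

```powershell
# Added example: scripted version of the certmgr.msc check described above.
# Get-DigitalIdStatus and its status labels are hypothetical names chosen for this example.
function Get-DigitalIdStatus {
    param(
        # Personal > Certificates for the logged-on user
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )

    # Issuer names as quoted on this page
    $revokedIssuer  = 'Entrust Education Shared Service Provider'
    $expectedIssuer = 'COMODO SHA-256 Client Authentication and Secure Email CA'
    # Standard OID for the Secure Email (S/MIME) enhanced key usage; extra check, not from the page
    $secureEmailOid = '1.3.6.1.5.5.7.3.4'

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Collect the enhanced key usage OIDs, if the certificate carries that extension
        $ekuOids = @(
            foreach ($ext in $cert.Extensions) {
                if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                    foreach ($oid in $ext.EnhancedKeyUsages) { $oid.Value }
                }
            }
        )

        # Issuer is a full distinguished name, so match the CA name as a substring
        $status = if ($cert.Issuer -like "*$revokedIssuer*") {
            'Old Entrust certificate (revoked): a new certificate is needed'
        } elseif ($cert.Issuer -notlike "*$expectedIssuer*") {
            'Issued by a different CA: not the expected UW Digital ID issuer'
        } elseif (-not $cert.HasPrivateKey) {
            'No matching private key: certificate is not properly installed'
        } else {
            'Properly installed'
        }

        [pscustomobject]@{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            # An absent EKU extension places no restriction on usage
            SecureEmail   = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $secureEmailOid)
            Status        = $status
        }
    }
}

Get-DigitalIdStatus | Format-List
```

The script only reads the certificate store, so it can be run in a normal, non-elevated PowerShell window.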
Email Client Troubleshooting
Behavior / Error Messages
Your From: and Signed by: addresses mismatch for your sent messages.
Resolution
Unfortunately, there is no known workaround with the Comodo certificates.
Behavior / Error Messages
You encounter one of the following error messages.
"Microsoft Outlook : Can't open this item - your digital ID name cannot be found by the underlying security system."
Resolution
The above error message occurs if there is not a digital certificate available for the sender or recipient on your workstation.
Outlook cannot send a signed or encrypted S/MIME message or, in some instances, view one.
As a workaround, you can use the following instructions to manage certificates for Outlook 2007 and 2010.
- Open a digitally signed message from the recipient.
- Right-click on the name in the "From:" box and choose "Add to Outlook Contacts."
- The contacts window will open. Next, click on the "Save & Close" button in the upper-left corner.
- Verify that you configured Outlook to send a clear text signed message when sending signed messages. Please refer to the instructions below in Outlook 2007 / 2010 / 2013: Messages display as encrypted when they are only signed.
Behavior / Error Messages
Outlook indicates that a message you sent and digitally signed is also encrypted, even if you've indicated to not encrypt the message.
Resolution
If you encounter this issue, then you likely do not have the "Send clear text signed message when sending signed messages" setting enabled.
To verify if you have this setting enabled:
Outlook 2007
- Click "Tools" in the Outlook menu bar.
- Click "Trust Center".
- Select "E-mail Security" in the left-hand sidebar.
- Verify that "Send clear text signed message when sending signed messages" is checked.
Outlook 2010 / 2013
- Choose "File" in the Outlook menu bar.
- Select "Options."
- Click "Trust Center".
- Click the "Trust Center Settings..." button.
- Click "E-mail Security" in the left-hand sidebar.
- Verify that "Send clear text signed message when sending signed messages" is checked.
Behavior / Error Messages
If there is no digital certificate installed on the workstation, Outlook cannot send a signed or encrypted S/MIME message. In this scenario, if the registry value below is not configured, the following error message will be displayed.
Either get a new digital ID to use with this account, or use the Accounts button to send the message using an account that you have certificates for."
Resolution
As a workaround, you can use the following instructions to make Outlook 2010 and 2013 not attempt to automatically sign or encrypt a reply or forward that was signed or encrypted.
Save the following file to your desktop: Outlook_Fix.reg
Right click on the file and choose Merge.
Click OK to ignore registry prompt.
Exit and restart Outlook.
For more information see: Outlook automatically tries to sign or encrypt the reply or forward
Another option, for the individual message on which you are seeing the error, is to un-check the sign and/or encrypt option(s) and then click Send.
Within the email message window, under the "Options" tab or ribbon, the Permission section shows two Mail Security icons: the red signing icon and the blue encrypting icon. Make sure both are un-selected.
Behavior / Error Messages
Outlook hangs / crashes when sending a digitally signed message.
Resolution
Exporting your Digital Certificate Instructions
The bug occurs if you installed the digital certificate via the Outlook import certificate method rather than the Windows Certificate Import Wizard.
To fix this issue:
- Go to the Windows Start menu and click on Control Panel.
- Click Network and Internet and then click Internet Options.
- Click on Content.
- On the Content tab, under the Certificates section, click on Certificates. You will then be presented with the Certificates window.
- Click on the certificate you wish to remove, then click Remove.
- Then re-install the digital certificate you backed up using the Windows Certificate Import Wizard rather than the import certificate method within Outlook.
- When done reinstalling, return to Outlook 2013 and try to send a signed message after choosing Options | Sign.