"Your Digital ID Name Cannot be Found"

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

"Your digital ID name cannot be found by the underlying security system".
This is the error message I continually receive whenever I try to send a
signed email.

I purchased and loaded a VeriSign Digital ID. All went well. Everything
seems to be in place where it should be. Loaded in IE and associated with
Outlook. This is all on my stand-alone home computer running a DSL connection.

Windows XP
IE7
SP2
Outlook 2003

I have written VeriSign abpout this error and have mostly received form
responses refering to help pages on their site. I have followed all the
advice and still no remedy.

Has anyone run into this issue and had it resolved, so that the Verisign ID
will work with signing outgoing email?

Any advice would be appreciated.


Michael
 
rev michael said:
"Your digital ID name cannot be found by the underlying security
system". This is the error message I continually receive whenever I
try to send a signed email.

I purchased and loaded a VeriSign Digital ID. All went well.
Everything
seems to be in place where it should be. Loaded in IE and associated
with Outlook. This is all on my stand-alone home computer running a
DSL connection.
Click to expand...

Describe the exact steps you took to load the ID and "associate" it with
Outlook.
 
Brian Tillman said:
Describe the exact steps you took to load the ID and "associate" it with
Outlook.
Click to expand...
--
Brian Tillman



Brian -

Thank you for your response to my issue. As a novice to all this I will try
to do my best in explaining the steps taken and the error encountered.

Initial Purchase and Procedure:
* I purchased a VeriSign Digital ID, for the purpose of “signing†and
“encrypting†out-going email messages
* after the initial purchase process, I received an email from VeriSign with
Digital ID Pin #. I highlighted and copied this pin
* I then went to the VeriSign Digital ID Center, and pasted the pin in the
appropriate field and then submitted it for installation
* the installation process proceeded and a final message was received that
the VeriSign Digital ID had been properly installed in my system
* I went to IE7/Tools/Internet Options/Content/Certificates and assured that
my digital ID had been installed. It was listed there
* I then followed the instructions from the VeriSign “What Do You Do Next?â€
page, and associated my new ID with my email program, which is Outlook 2003
* in Outlook I went to Tools/Options/Security tab
* I then chose my digital ID for “signing†emails. My digital ID was
properly listed in the choice list (it was the only one listed). I repeated
this for choosing my digital ID for “encrypting†emails
* theoretically, I should be all set to go at this point

The Error Encountered:
* I opened a new email message - wrote my message - chose my intended
recipients - then clicked the “sign†email button in my Outlook toolbar - and
then clicked on Send.
* after a long pause I then received the error message, “Your digital ID
name cannot be found by the underlying security systemâ€

Steps Taken to Try to Correct The Error:
* I checked IE7 to assure that my certificate was still listed - it was
* I double-checked Outlook to assure that my cert was still chosen for
signing and encrypting - they were
* I have had many email exchanges with VeriSign ID support. Received back
mostly form letters stating that I had not followed instructions and
“associated†my ID with Outlook
* I have replaced the original certificate three times, but have continued
to encounter the exact same error issue
* the first time I replaced the original certificate, I simply went to the
appropriate VeriSign page - and selected replacement of certificate. I
followed the proper install/association steps, as outlined above. Still
encounter the same error message
* before the next two replacements, I first deleted my existing certificate
in IE7, and then checked Outlook to assure that the certificate was still not
listed. It was not. I then replaced the cert. Again all steps seemed to work
as they should. However, I still encountered the same error message.

Side Fact:
* Several months ago I had first downloaded and installed (using the above
mentioned steps) a “trial†version of the digital ID. It all worked great.
Whenever I used the feature, all went as it should, and I never encountered
any error messages of any kind. It has only been since an installation of a
full new certificate that this same error of “Your digital ID name cannot be
found by the underlying security system†keeps occurring.

As posted earlier, my OS and programs are:
* XP (w/the latest SP2)
* IE7
* Outlook 2003

I trust that these details may be somewhat helpful in attempts to resolve
this error issue. I certainly appreciate all the help I can received from
those more technical experts than myself.

Again, thank you in advance for all your assistance with this frustrating
problem.


Michael
 
rev michael said:
Initial Purchase and Procedure:
Click to expand...
....snip...

That should be correct. One thing I'd like to to check, though. In
IE>Tools>Internet Options>Content>Certificates, select yuor certificate,
click Export, then Next. Make sure you have two radio buttons, one to
exporting the private key and one to not export it. Make sure they are both
active. (Were I you, I'd select the button to export the private key and
continue the export process so that I had a copy of my key in a file. I'd
also put a copy on a diskette and, perhaps, on a memory stick so that I had
a copy in case something were to happen to my PC.)
The Error Encountered:
* I opened a new email message - wrote my message - chose my intended
recipients - then clicked the “sign†email button in my Outlook toolbar -
and
then clicked on Send.
* after a long pause I then received the error message, “Your digital ID
name cannot be found by the underlying security system†....snip...
Steps Taken to Try to Correct The Error: ....snip...
Side Fact:
Click to expand...
....snip...

Well, you've done everything I can think of with one exception: a new
WIndows user profile. A bit of overkill, perhaps, though. Sorry I can't be
more helpful.
 
Brian -

You have been very helpful, although the issue has not been rectified yet.

I followed your advice to export the newly replaced certificate (yes, I
tryied that again - a replacement cert). When doing so I found that the
export private key radio button was dimmed, and received the message that the
export wizard could not locate the private key. I am back with emails to
VeriSign to find out what is happening with the private key, and hope to hear
back from them tomorrow (5/16).

Based upon what I just shared, is there any explanations you can offer?

Thanks for hanging in there with me. Because of your suggestion I at least
might have another clue into the mystery.

Again, Thanks!


Michael
 
rev michael said:
I followed your advice to export the newly replaced certificate (yes,
I tryied that again - a replacement cert). When doing so I found that
the export private key radio button was dimmed, and received the
message that the export wizard could not locate the private key. I am
back with emails to VeriSign to find out what is happening with the
private key, and hope to hear back from them tomorrow (5/16).
Click to expand...

That's a sign that your certificate was damaged somehow and could very well
account for the error.
 
Brian -

Well, I emailed VeriSign and advised them of the damaged certificate with
missing private key. Their reply was:

"Unfortunately, VeriSign only issues the license or certificate. If you are
having issues with the certificate with your mail software, please contact
you mail software vendor directly."

In short it seems that they claim that the cert, which I have replaced
several times now, is not damaged, and that it is only my system that is
screwing the process up. I have followed their directions to the "T", and
have associated the cert according to their specifications. I don't see where
I am going wrong here. Yet, everytime I try to export my installed cert to
another safe place, as you suggested, the wizard tells me that it cannot find
the private key.

Can it be that my Outlook 2003 only is causing the problem? I find that hard
to believe, since the wizard cannot find the private key even "before" I
associate it with Outlook.

Any other suggestions, or is this just a lost cause?

Thanks for the help. It is appreciated.


Michael
 
Brian -

I don't know what to think. As another course of action, I subscribed to a
didgital id from another source, other than VeriSign, and received the exact
same results, when installing/associating.

Maybe it is some setting in my IE7, that does not allow in import of the
private key with the cert.


Michael
 
rev michael said:
I don't know what to think. As another course of action, I subscribed
to a didgital id from another source, other than VeriSign, and
received the exact same results, when installing/associating.

Maybe it is some setting in my IE7, that does not allow in import of
the private key with the cert.
Click to expand...

We get certs from VeriSign and all allow the exportation of the private key,
except for those who decided not to back up their certs as I told them to
when they requested one, and then changed their PC or user account and
wonder why they can't read encrupted mail any more. I use IE7 and don't
have the problem you describe.

While I don't understand the underlying data structures of the crytpo store
IE uses, may things can go wrong. With about 150 people here having
certificates, I've run into a lot of them. Unless you have your own PKI
infrastructure with private key recovery, certs tend to be fragile, at least
in my opinion. Your symptoms sound to me like a damaged WIndows user
profile. Is there any way you could try this with a new Windows user? You
might have to get a new cert to test or, perhaps, try to download it again
from VeriSign. Thawte provides free mail certs for personal use, I believe,
and you could test with one of those.
 
MichaelR said:
Hi there, did you find any solution to that problem?
Click to expand...

And what problem is that? You quoted nothing of the message to which you
believe you replied and gave no details of your own configuration and what
you're doing to elicit the error. None of us is clairvoyant.
 
Brian Tillman said:
And what problem is that? You quoted nothing of the message to which you
believe you replied and gave no details of your own configuration and what
you're doing to elicit the error. None of us is clairvoyant.
Click to expand...

what an asinine reply.
 
down with tyranny said:
what an asinine reply.
Click to expand...

Care to explain why you think this? I merely stated fact. Poeple who can't
accept fact need medical attention.
 
Brian Tillman said:
We get certs from VeriSign and all allow the exportation of the private key,
except for those who decided not to back up their certs as I told them to
when they requested one, and then changed their PC or user account and
wonder why they can't read encrupted mail any more. I use IE7 and don't
have the problem you describe.

While I don't understand the underlying data structures of the crytpo store
IE uses, may things can go wrong. With about 150 people here having
certificates, I've run into a lot of them. Unless you have your own PKI
infrastructure with private key recovery, certs tend to be fragile, at least
in my opinion. Your symptoms sound to me like a damaged WIndows user
profile. Is there any way you could try this with a new Windows user? You
might have to get a new cert to test or, perhaps, try to download it again
from VeriSign. Thawte provides free mail certs for personal use, I believe,
and you could test with one of those.
Click to expand...

I think MichaelR and "rev michael" are the same person Brian. But that is
niether hear nore there since this thread is over a year old.

Sorry to chime in on this thread at such a late date.

I am having a similar issue s/mime certificates, but we're encountering it
on an inbound encrypted message. The same message is displayed when trying
to open the encrypted email. This seems to suggest that somehow Outlook does
not have access to the IE7 certificate store. Is there a specific setting in
Outlook or IE7 to can be inadvertantly set during an update thay may cause
this.
We have multiple customers running Outlook 2003 on XP w/ IE7 and they all
are issued the same pkcs12 certificate, but a few of them run into this issue
where "Your Digital ID Name cannot be found".
 
--V said:
I am having a similar issue s/mime certificates, but we're
encountering it on an inbound encrypted message. The same message is
displayed when trying to open the encrypted email. This seems to
suggest that somehow Outlook does not have access to the IE7
certificate store. Is there a specific setting in Outlook or IE7 to
can be inadvertantly set during an update thay may cause this.
We have multiple customers running Outlook 2003 on XP w/ IE7 and they
all are issued the same pkcs12 certificate, but a few of them run
into this issue where "Your Digital ID Name cannot be found".
Click to expand...

I've seen this happen on occasion and the only solution was to create a new
Windows user profile for the person with the problem and have them reload
their certs.
 
OK. I will continue to try down that path. In certain environment (i.e.
corporate) recreating the user profile is no simple task. What is really
needed, from a troubleshooting perspective, is a way to turn on telemetry
that can be caputured in a log file.

Thanks for your prompt response.
 
--V said:
OK. I will continue to try down that path. In certain environment (i.e.
corporate) recreating the user profile is no simple task. What is really
needed, from a troubleshooting perspective, is a way to turn on telemetry
that can be caputured in a log file.

Thanks for your prompt response.
Click to expand...

I've run into that issue before and what fixed it for me was to uncheck the
box in Outlook that says to "Send clear text signed message when sending
signed messages"
 
Back
Top