OWA Multiple SMIME certificate : How user can chose correct certificate in OWA

New Contributor


I hop this is correct forum.

User has two SMIME certificate. When sending email he can chose with which certificate will he sign the email.

Under OWA I don see this option.

Under S/MIME user setting  is  option „Automatically choose the best certificate for digital signing“  is grey out.

I did set  : set-Smimeconfig  -OWAAllowUserChoiceOfSigningCertificate $true

I is almost 24h hours, but option is grayed out in OWA under SMIME config.


What is strange in OWA :

User has a group that he can send as User@domainB.com

When he send sign email as User@domainA.com certificate is always User@domainB.com and it shows no error.

Ignore in picture other options,  because I do not have SMIME certificate.



1 Reply


I am in the exact same boat! While I can uncheck the automatic option, nothing I chose seems to work. If my user's email address or (proxy addresses) match their certificate, the automatic configuration works, however, nothing else seems to.


If you have a user where the certificate Subject Alternative Name does not match the users email address or any of their proxy-addresses, then you can not select a certificate. (While, Outlook with a quick change will allow this all day long. So thankfully that still works.)


I have thought maybe the following items would help:



The real problem is I can not figure out what the right values for OWASenderCertificateAttributesToDisplay actually are!

and I think the second setting (OWAUseSecondaryProxiesWhenFindingCertificates) is not compatible with it in the first place. (Please note this is only a theory)


I am at my Wits end!


If anyone could give me a clue as to the right value for OWASenderCertificateAttributesToDisplay, I will forever be in your debt.