OWA Multiple S/MIME certificates: How a user can choose the correct certificate in OWA


Hi,

I hope this is the correct forum.

The user has two S/MIME certificates. When sending email, he can choose which certificate he will sign the email with.

Under OWA I don't see this option.

Under the S/MIME user settings, the option „Automatically choose the best certificate for digital signing“ is greyed out.

I did set: Set-SmimeConfig -OWAAllowUserChoiceOfSigningCertificate $true

It has been almost 24 hours, but the option is grayed out in OWA under the S/MIME config.

 

What is strange in OWA:

The user has a group that he can send as User@domainB.com

When he sends a signed email as User@domainA.com, the certificate is always User@domainB.com and it shows no error.

Ignore the other options in the picture, because I do not have an S/MIME certificate.

BR,

Satne

1 Reply

@Mali_Stane 

I am in the exact same boat! While I can uncheck the automatic option, nothing I choose seems to work. If my user's email address (or proxy addresses) match their certificate, the automatic configuration works; however, nothing else seems to.

 

If you have a user where the certificate Subject Alternative Name does not match the user's email address or any of their proxy addresses, then you cannot select a certificate. (Outlook, with a quick change, will allow this all day long, so thankfully that still works.)

 

I have thought maybe the following items would help:

-OWASenderCertificateAttributesToDisplay
-OWAUseSecondaryProxiesWhenFindingCertificates

 

The real problem is I cannot figure out what the right values for OWASenderCertificateAttributesToDisplay actually are!

And I think the second setting (OWAUseSecondaryProxiesWhenFindingCertificates) is not compatible with it in the first place. (Please note this is only a theory.)

 

I am at my wits' end!

 

If anyone could give me a clue as to the right value for OWASenderCertificateAttributesToDisplay, I will forever be in your debt.
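
The reply above reports that OWA only picks a certificate whose Subject Alternative Name matches the mailbox's email address or one of its proxy addresses. As an added example (not code from either poster or from Microsoft), the PowerShell below classifies each certificate's email name against a mailbox's proxyAddresses values; the function names, sample addresses and placeholder thumbprints are constructed for illustration.

```powershell
# Added example, not from the thread. All sample data below is constructed.

function Get-SmtpAddress {
    # Split proxyAddresses values into primary ("SMTP:") and secondary ("smtp:")
    # SMTP addresses. Other address types (X500:, SIP:, ...) are ignored.
    param([string[]]$ProxyAddresses)
    foreach ($entry in $ProxyAddresses) {
        if ($entry -cmatch '^(SMTP|smtp):(.+)$') {
            [pscustomobject]@{
                Address   = $Matches[2].Trim().ToLowerInvariant()
                IsPrimary = ($Matches[1] -ceq 'SMTP')
            }
        }
    }
}

function Test-SmimeCertificateMatch {
    # For each certificate, report whether its email name equals the primary
    # address, a secondary proxy address, or no address of the mailbox.
    param(
        [string[]]$ProxyAddresses,
        [object[]]$Certificates   # objects with Thumbprint and EmailName properties
    )
    $addresses = @(Get-SmtpAddress -ProxyAddresses $ProxyAddresses)
    foreach ($cert in $Certificates) {
        $name = ([string]$cert.EmailName).Trim().ToLowerInvariant()
        $hit  = $addresses | Where-Object { $_.Address -eq $name } | Select-Object -First 1
        $kind = if (-not $hit) { 'None' } elseif ($hit.IsPrimary) { 'Primary' } else { 'SecondaryProxy' }
        [pscustomobject]@{
            Thumbprint = $cert.Thumbprint
            EmailName  = $name
            Match      = $kind
        }
    }
}

# Constructed sample: one mailbox's proxyAddresses and two certificates.
$proxy = @('SMTP:user@domainA.example', 'smtp:user@domainB.example', 'X500:/o=Example/cn=user')
$certs = @(
    [pscustomobject]@{ Thumbprint = 'PLACEHOLDER-1'; EmailName = 'User@domainB.example' }
    [pscustomobject]@{ Thumbprint = 'PLACEHOLDER-2'; EmailName = 'user@other.example' }
)
Test-SmimeCertificateMatch -ProxyAddresses $proxy -Certificates $certs | Format-Table -AutoSize

# Real input on Windows (GetNameInfo returns a single email name per certificate):
# Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
#   [pscustomobject]@{ Thumbprint = $_.Thumbprint; EmailName = $_.GetNameInfo('EmailName', $false) } }
```

A certificate reported as `None` is the case the reply describes as not selectable in OWA; `SecondaryProxy` marks certificates that match only a non-primary address.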