|Applies To||Keon Certificate Authority 6.0|
Sun Solaris 2.8
|Issue||Cannot sign email with certificate from Keon Certificate Authority 6.0|
Cannot use certificate for S/MIME
After enrolling for certificate, signing certificate with no extensions (V1 certificate) and installing certificate from KCA 6.0, the certificate does not appear in the list when choosing an S/MIME certificate in Outlook. Enrolling for a V1 certificate from KCA 5.7 works fine.
|Cause||The email address must be in the subject name (DN) for V1 certificates in order for Microsoft Outlook to identify the certificate as S/MIME capable. V1 certificates by definition have no extensions.|
|Resolution||Because KCA 6.0 now uses jurisdictions to control how certificates are enrolled for and issued, the administrator has control over what gets put into the certificate's subject DN. When configuring the jurisdiction for end user certificates that will be capable of doing S/MIME, the email address must be included in the subject DN.|
To edit the certificate attributes, select the CA and choose "Configure" at the bottom of the GUI under "Jurisdiction Configuration". Under "Sections | Certificate Attributes" make sure that "EA E-mail Address" appears in "Certificate Attributes Configuration" list box. If it isn't there click "New Entry" and add it. If it is in the list, highlight it and scroll down to where the configuration settings are. Make sure "Include in DN" is checked.
NOTE: The columns may not be properly aligned. "Include in DN" should be the first check box.
|Legacy Article ID||a7830|