000022549 - Digitally signed email does not display when using Microsoft Outlook Web Access (OWA)

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000022549
Applies ToKeon Certificate Authority
RSA Certificate Manager
Microsoft Outlook Web Access (OWA)
IssueDigitally signed email does not display when using Microsoft Outlook Web Access (OWA)
"The contents of this message can't be displayed because the message is encrypted or digitally signed." is displayed when trying to view digitally signed email with OWA
Digitally signed email is displayed with "encrypted message" icon
"Send this message as clear text signed" is unchecked
Opaque signed message
CauseMessage was sent as opaque signed email, and not clear text signed email
ResolutionIn Microsoft Outlook 2003, configure your default settings to send clear text signed email message. From Outlook, perform the following steps:

1. Click Tools > Options > Security tab

2. Check "Send clear text signed message when sending signed messages"

This ensures that when you click the "Digitally Signed Message" icon, it will send it by default as clear text.

There are 2 ways that you can send a digitally signed message: opaque, and clear signed:

1. Sending opaquely means that the entire message (its full contents and the digital signature 'blob') are all collected and processed into one huge MIME chunk that basically forms the message contents when it's sent out. Receiving clients (like Outlook) that know how to handle S/MIME messages can then extract the actual message and digital signature blob, validate it, and display the message to the user. Receiving agents that don't know how to handle S/MIME will just display a blank message with an attachment.

2. Sending a message clear text signed means the entire message contents are sent as plain-text, and the digital signature part is just appended to the end of the message as an attachment. In this way, any email client can still read the message even if it doesn't support S/MIME since the message is in plain text (even though it still cannot validate the signature). S/MIME-capable clients can still go through the additional work of checking the message contents and comparing with the digital signature attachment to verify its validity.

In Outlook, when you check "Send this message as clear text signed", you're choosing clear signed and assuring the greatest compatibility with all other clients, which is preferred.  When you deselect it, you're choosing opaque signing, and many people may not be able to read your messages.  (The advantage of opaque signing is that the message is less likely to be altered by servers on the way to its destination.  Some servers, in an effort to be 'smart,' will snoop through a message and quietly and subtly change/convert its contents, thus invalidating the signature.  Opaque signing is one way of preventing this.)

NOTE: All versions of Outlook Web Access will allow reading of clear text signed messages, but only one will allow reading of opaque signed messages.

Refer to Exchange S/MIME Support in Exchange 2003 for compatibility.
Legacy Article IDa29095