On Outlook for Android, S/MIME signatures are fully validated only if both Exchange Online and the device are correctly configured for S/MIME. The “Can’t Verify Signature” message indicates a validation problem, not a general limitation of Outlook mobile.
To distinguish a certificate/configuration issue from an app limitation, check the following areas that affect Outlook for iOS and Android specifically:
- Verify S/MIME is enabled and configured in Exchange Online
  Outlook for iOS and Android requires S/MIME to be configured in Exchange Online. If this is not done, the app cannot properly validate signatures.
  Key prerequisites:
  - A virtual certificate collection must be set up in Exchange Online.
  - The certificate revocation list (CRL) for the issuing CA must be published and reachable from Exchange Online.
  Exchange Online validates the full certificate chain for the signer’s certificate:
  - It walks the chain via the authority information access (AIA) attributes until it reaches a trusted root certificate in the virtual certificate collection.
  - It must be able to query the CRL for the issuing CA.
  If Exchange Online cannot locate a trusted root or cannot reach the CRL, the certificate is considered invalid and not trusted, and Outlook for iOS and Android will surface this as a certificate/signature problem.
- Confirm the certificate chain is trusted in Exchange Online
  For the signing certificate used on the messages:
  - Ensure the full chain (intermediate and root) is present or discoverable in the Exchange Online virtual certificate collection.
  - If the chain is incomplete or the root is not trusted in Exchange Online, Outlook mobile will not treat the signature as valid even if Outlook classic does.
- Check for certificate errors in Outlook mobile
  Outlook for iOS and Android exposes certificate issues directly in the message:
  - When viewing the signed message, tap the S/MIME status bar.
  - If there are certificate errors (for example, untrusted root, expired certificate, or revocation/CRL issues), Outlook will show a warning with more information about the problem.
  This behavior is documented: Outlook for iOS and Android warns about certificate errors, and tapping the S/MIME status bar shows details. If such an error appears, the issue is with the certificate or its trust chain, not with Outlook’s ability to process signed mail.
- Ensure the signer’s public certificate is installed on the device
  For received signed messages, Outlook for iOS and Android can install the sender’s public certificate:
  - Tap the S/MIME status bar on the signed message to install the sender’s public key into the Microsoft publisher keychain (iOS) or Android system KeyStore.
  If the public certificate is not installed or is corrupted, Outlook mobile may not be able to verify the signature.
- Check for expiration or revocation
  Outlook for iOS and Android performs validity checks on certificates:
  - If a certificate is expired or near expiration, Outlook alerts the user when signing/encrypting.
  - For received messages, an expired or revoked certificate will cause the signature to be treated as invalid.
If Outlook classic shows the signature as valid but Outlook mobile does not, focus on:
- Whether Exchange Online can build and validate the full chain (including CRL access).
- Whether the signer’s public certificate and its chain are correctly installed and trusted on the mobile device and in Exchange Online.
If all of the above are correctly configured and no certificate errors are shown when tapping the S/MIME status bar, Outlook mobile is capable of processing and validating S/MIME signatures; persistent “Can’t Verify Signature” in that case would point back to a trust/chain/CRL configuration issue rather than a functional limitation of Outlook for Android.
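The chain, AIA and CRL conditions described above can be approximated locally, as an added example that is not part of the original answer and not Microsoft's code. It assumes PowerShell 7 on Windows, the signer's public certificate saved as `signer.cer`, and the CA certificates trusted for S/MIME exported to an SST file named `smime-roots.sst`; both file names are placeholders.

```powershell
# Added example: builds the signer's chain against only the CAs in the SST file,
# with online revocation checking, then lists the AIA/CRL URLs each certificate advertises.
# Assumptions: PowerShell 7+ on Windows; both default paths are placeholders.
param(
    [string]$SignerCertPath  = '.\signer.cer',
    [string]$TrustedRootsSst = '.\smime-roots.sst'
)

$signer = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new((Resolve-Path $SignerCertPath).Path)
$cas    = [System.Security.Cryptography.X509Certificates.X509Certificate2Collection]::new()
$cas.Import((Resolve-Path $TrustedRootsSst).Path)

$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.TrustMode      = 'CustomRootTrust'   # ignore the local machine's root store
$chain.ChainPolicy.RevocationMode = 'Online'            # force a CRL/OCSP lookup
foreach ($c in $cas) {
    # Self-signed certificates act as trust anchors; everything else is an intermediate.
    if ($c.Subject -eq $c.Issuer) { [void]$chain.ChainPolicy.CustomTrustStore.Add($c) }
    else                          { [void]$chain.ChainPolicy.ExtraStore.Add($c) }
}

$ok = $chain.Build($signer)
"Chain valid against the SST with revocation checked: $ok"
# PartialChain / UntrustedRoot  -> no trusted root was reached
# RevocationStatusUnknown / OfflineRevocation -> the CRL could not be queried
# NotTimeValid / Revoked        -> expired or revoked certificate
$chain.ChainStatus | ForEach-Object { "  $($_.Status): $($_.StatusInformation.Trim())" }

$report = foreach ($el in $chain.ChainElements) {
    $cert = $el.Certificate
    # AIA is OID 1.3.6.1.5.5.7.1.1, CRL distribution points is OID 2.5.29.31.
    $urls = $cert.Extensions |
        Where-Object { $_.Oid.Value -in '1.3.6.1.5.5.7.1.1', '2.5.29.31' } |
        ForEach-Object { [regex]::Matches($_.Format($true), 'URL=(\S+)') } |
        ForEach-Object { $_.Groups[1].Value }
    foreach ($u in $urls | Where-Object { $_ -like 'http*' }) {
        # This request leaves from the local machine, so success here does not prove that
        # Exchange Online can reach the URL. OCSP responder URLs listed in AIA may reject
        # a plain GET; treat those rows as informational.
        try   { $result = (Invoke-WebRequest -Uri $u -TimeoutSec 15).StatusCode }
        catch { $result = $_.Exception.Message }
        [pscustomobject]@{ Subject = $cert.Subject; NotAfter = $cert.NotAfter; Url = $u; Result = $result }
    }
}
$report | Format-Table -AutoSize -Wrap
```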