Share via

Outlook doesnt recognize SMIME Certificate M365

Roman Malyar 0 Reputation points
2026-04-08T09:04:48.76+00:00

Hello all,

unfortunately Microsoft Support couldnt help me with this topic so, I hope to find a solution here.
One of our Clients has M365 and uses Exchange online. We are their MSP.

They recently got a SMIME Certificate, for sending mails with a signature. They have about 10 Clients. I Created a sharedMailbox and gave full access & send as permissions to all users. This is working fine, no problem so far.

I imported the Certificate to the local user own certificate Tab, also everything ok. 6 out of 10 PC, are working fine and are using this certificate. However 4 Clients dont recognize the certificate.
I followed this article:
https://learn.microsoft.com/en-us/answers/questions/4736296/outlook-365-does-not-recognize-imported-s-mime-cer

Didnt work. I did these additional steps:

  • Reinstalling Office 365 Package
  • Updating Office365
  • Updating Windows 11
  • Repaired Office
  • Imported it several times, restarted
  • imported it via Outlook digital ID

Microsoft Support says, that i should contact the SMIME CA, but it works, on more than half of the Clients. Help would be appreciated, I ran out of ideas.

Thanks!

Best Regards
Roman

Outlook | Windows | Classic Outlook for Windows | For business
0 comments
Answer recommended by moderator
  1. Roman Malyar 0 Reputation points
    2026-04-14T10:14:59.4166667+00:00

    Hello,

    I got it running on all last 4 PC's but with additional steps.

    It didnt work right after I did everything, except step 4. Didnt want to migrate all the user data, because its a domain.

    Steps:

    1. Clear %temp%
    2. Disk Cleanup
    3. reboot
    4. Install all OS & Office Updates
    5. reboot
    6. Delete certificate
    7. Instantly reboot
    8. Import certificate
    9. Open edge Browser
    10. Login to OWA
    11. If its a sharedMailbox open it in the top right corner
    12. go to setting -> SMIME
    13. install the Broser plugin
    14. refresh page
    15. install the msi
    16. refresh page
    17. send a test massage
    18. open outlook
    19. send a signes email
    20. if its not working, wait 1-2 minuten and try again
    21. if its still not working -> new profile

    And it worked. :D

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Michelle-N 15,135 Reputation points Microsoft External Staff Moderator
    2026-04-08T11:06:19.3933333+00:00

    Hi @Roman Malyar

    Based on the information you provided, I understand that your client uses Microsoft 365 and Exchange Online, and 4 out of 10 clients cannot recognize the imported S/MIME certificate for a shared mailbox, while it works perfectly fine on the other 6 clients.

    Please note that this is a user-to-user support forum. Moderators and contributors, including external Microsoft employees, cannot directly intervene in Microsoft product features or access back-end systems. Our role is limited to providing technical guidance on reported issues, requests, or ideas.

    Because I currently do not have specialized tools to view your environment, I can only provide some directions for you to test:

    Step 1: Deep Clean the Cached Certificate

    On the machines experiencing the error, completely delete the imported certificate, ensuring the private key is removed as well. Once deleted, restart the PC immediately. This is necessary to clear out any lingering, corrupted references that might be stuck in the Windows CryptoAPI cache.

    Step 2: Export a Fresh Copy from a Working Machine

    Instead of using the original certificate file, let's pull a known-good configuration.

    1. Go to one of the 6 PCs where the signature is working perfectly.
    2. Find the S/MIME certificate, right-click it, and select All Tasks > Export.
    3. Choose Yes, export the private key and select the Personal Information Exchange – PKCS #12 (.PFX) format.
    4. Save the file and transfer it to the failing machine.

    Step 3: Clean Import Process

    1. On the failing machine, double-click the newly transferred .pfx file.
    2. Select Store Location: Current User and ensure it is placed in the Personal store.
    3. Enter the password.
    4. Crucial step: Ensure that "Enable strong private key protection" is UNCHECKED (do not turn this on).
    5. Complete the import wizard and restart the PC (or at least completely kill and restart Outlook).

    Step 4: Profile Rebuilds

    If the fresh import does not trigger recognition, try creating a completely new Outlook profile on the failing machine. Sometimes the mail profile itself corrupts its link to the local Windows certificate store.

    If the new Outlook profile still fails, the underlying issue is likely rooted deep within the local user's Windows registry or crypto store. As a final isolation step, consider creating a completely new Windows user profile on that specific PC, setting it up fresh, and importing the certificate there.

    Please let me know if you have any further information!

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.