Share via

Invalid Certificate Issue still occurs...

Tung Wei 20 Reputation points
2026-05-16T04:52:57.3333333+00:00

I met the same problem as described at : https://learn.microsoft.com/en-us/answers/questions/4609967/how-to-fix-invalid-certificate-microsoft-outlook-c

I can confirm I've the right Certificate imported into Windows 11 LTSC, and I'm now using Office 2024 ProPlus there. The "From" email address is THE SAME as what it is in the Certificate.

I just wanna have a test (I mean I send the email to myself). But the issue occurs, and for some older versions of Office, this goes right.

Notice:

  1. Windows is the lastest version (Windows 11 IoT Enterprise LTSC, 24H2, 26100.8246).
  2. Office is the latest version(2604 Build 16.0.19929.20172).

a

b

Outlook | Windows | Classic Outlook for Windows | For business

Answer accepted by question author

Vergil-V 14,275 Reputation points Microsoft External Staff Moderator
2026-05-21T09:32:03.4766667+00:00

Please note that our forum is a public platform, and we will modify your image to hide your personal information in the description. Kindly ensure that you hide any personal or organizational information the next time you post an error or other details to protect personal data.    
Hi @Tung Wei
Thank you for your update. 

Based on the second image, it appears that the internal CA currently does not have any revocation infrastructure in place, such as CRL, OCSP, or AIA. Because of this, when Outlook 2024 attempts to verify whether the certificate has been revoked, it is unable to retrieve any revocation information and therefore reports the status as Unknown.  

In this situation, you might consider the following approaches: 

Option 1:  Configure an internal CRL endpoint on the CA and reissue the certificates with a proper CDP URL. This allows clients like Outlook to access the revocation data and complete the validation successfully. 

Option 2:  If configuring the infrastructure is not feasible at this time, you may consider disabling revocation checking for this certificate chain through Group Policy on a single device: 

gpedit.msc → Local Computer Policy → Computer Configuration → Windows Settings → Security Settings → Public Key Policies → Certificate Path Validation Settings → Revocation tab 

I hope this provides additional insight. 

Was this answer helpful?

1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vergil-V 14,275 Reputation points Microsoft External Staff Moderator
    2026-05-17T10:30:14.8866667+00:00

    Hi @Tung Wei

    Thank you for sharing the details. It really helps in understanding your situation more clearly. 

    Based on my research, here are some steps you may want to verify further: 

    1/ Verify the certificate in Certificate Manager 

    Press Windows + R, then type certmgr.msc, and navigate to:  Personal > Certificates > Details 

    Please check the following: 

    • Key Usage should contain Digital Signature and Key Encipherment 
    • Enhanced Key Usage should include: 1.3.6.1.5.5.7.3.4 

    2/ Check certificates using Command Prompt 

    Open Command Prompt with administrator privileges and run: 

    certutil -user -store My  

    This command will list all certificates in the current user’s Personal certificate store. 

    I hope this provides some helpful direction for your investigation. If you have any updates or findings, please feel free to share them here. 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    Was this answer helpful?

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.