Outlook won't open encrypted email from sender with unknown certificate
41 views
Skip to first unread message
Kurt Buff
Nov 15, 2023, 4:07:51 PM11/15/23
to ntexc...@googlegroups.com
I'm researching right now, but if anyone has a quick answer for me I
would be grateful.
CFO receives an encrypted email from outside source, has validated sender.
Opening email gets a warning that the certificate is unknown/untrusted.
I viewed the certificate, imported it into her personal store, then
restarted Outlook, but the error recurs.
5 minutes of STFW doesn't reveal an answer, though I'm going to keep looking.
Thoughts?
Kurt
would be grateful.
CFO receives an encrypted email from outside source, has validated sender.
Opening email gets a warning that the certificate is unknown/untrusted.
I viewed the certificate, imported it into her personal store, then
restarted Outlook, but the error recurs.
5 minutes of STFW doesn't reveal an answer, though I'm going to keep looking.
Thoughts?
Kurt
Philip Elder
Nov 15, 2023, 4:31:36 PM11/15/23
to ntexc...@googlegroups.com
Spoof/Phish.
I'd be studying that header real close.
Philip Elder MCTS
Senior Technical Architect
Microsoft High Availability MVP
E-mail: Phili...@mpecsinc.ca
Phone: +1 (780) 458-2028
Web: www.mpecsinc.com
Blog: blog.mpecsinc.com
Twitter: Twitter.com/MPECSInc
Skype: MPECSInc.
Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.
--
You received this message because you are subscribed to the Google Groups "ntexchange" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntexchange+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/CADy1Ce5z5_xFqe6-8EPNy9FXc8QLZV5py-_7T1eOeUAX8rxQqA%40mail.gmail.com.
I'd be studying that header real close.
Philip Elder MCTS
Senior Technical Architect
Microsoft High Availability MVP
E-mail: Phili...@mpecsinc.ca
Phone: +1 (780) 458-2028
Web: www.mpecsinc.com
Blog: blog.mpecsinc.com
Twitter: Twitter.com/MPECSInc
Skype: MPECSInc.
Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.
You received this message because you are subscribed to the Google Groups "ntexchange" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntexchange+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/CADy1Ce5z5_xFqe6-8EPNy9FXc8QLZV5py-_7T1eOeUAX8rxQqA%40mail.gmail.com.
Michael B. Smith
Nov 15, 2023, 4:45:16 PM11/15/23
to ntexc...@googlegroups.com
The certificate hierarchy could also require intermediates you don't have.
But my initial gut feeling would match Philip's.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/3e58b09e0a164d3f9839f010cf9db311%40MPECSInc.Ca.
But my initial gut feeling would match Philip's.
Jim Kennedy
Nov 15, 2023, 4:49:21 PM11/15/23
to ntexc...@googlegroups.com
I am going with intermediate cert missing...since Kurt said the sender was validated.
-----Original Message-----
From: ntexc...@googlegroups.com <ntexc...@googlegroups.com> On Behalf Of Michael B. Smith
Sent: Wednesday, November 15, 2023 4:45 PM
To: ntexc...@googlegroups.com
Subject: RE: [External] [ntexchange] Outlook won't open encrypted email from sender with unknown certificate
The certificate hierarchy could also require intermediates you don't have.
But my initial gut feeling would match Philip's.
-----Original Message-----
From: ntexc...@googlegroups.com <ntexc...@googlegroups.com> On Behalf Of Philip Elder
Sent: Wednesday, November 15, 2023 4:32 PM
To: ntexc...@googlegroups.com
Subject: RE: [ntexchange] Outlook won't open encrypted email from sender with unknown certificate
Spoof/Phish.
I'd be studying that header real close.
Philip Elder MCTS
Senior Technical Architect
Microsoft High Availability MVP
E-mail: Phili...@mpecsinc.ca
Phone: +1 (780) 458-2028
Web: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.mpecsinc.com&d=DwIFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=rJ0bECN-DLREGJliaxbIirMa-UuoXK1suNAdXyOdScU&m=f6p5ve1yeboiv02cF1D2LHiqmi6ZQMumjwXYi9HgPqAU1W5yrhgnj234DOFA1XuC&s=ovv2hIlvLOK75Ya8Dc3JdkM7CiSAKyDd-N0NmsRPBjI&e=
Blog: https://urldefense.proofpoint.com/v2/url?u=http-3A__blog.mpecsinc.com&d=DwIFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=rJ0bECN-DLREGJliaxbIirMa-UuoXK1suNAdXyOdScU&m=f6p5ve1yeboiv02cF1D2LHiqmi6ZQMumjwXYi9HgPqAU1W5yrhgnj234DOFA1XuC&s=Su7InaofKcpBj-znimu7rT0fz51V9sUsY-nNIXDcdEo&e=
Twitter: https://urldefense.proofpoint.com/v2/url?u=http-3A__Twitter.com_MPECSInc&d=DwIFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=rJ0bECN-DLREGJliaxbIirMa-UuoXK1suNAdXyOdScU&m=f6p5ve1yeboiv02cF1D2LHiqmi6ZQMumjwXYi9HgPqAU1W5yrhgnj234DOFA1XuC&s=VtfaJ2IiKc6qDR3ENsXL197nBdONLG-Q0MpRNkNhjQ8&e=
--
You received this message because you are subscribed to the Google Groups "ntexchange" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntexchange+...@googlegroups.com.
To view this discussion on the web visit https://urldefense.proofpoint.com/v2/url?u=https-3A__groups.google.com_d_msgid_ntexchange_3e58b09e0a164d3f9839f010cf9db311-2540MPECSInc.Ca&d=DwIFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=rJ0bECN-DLREGJliaxbIirMa-UuoXK1suNAdXyOdScU&m=f6p5ve1yeboiv02cF1D2LHiqmi6ZQMumjwXYi9HgPqAU1W5yrhgnj234DOFA1XuC&s=6lBlaY-0AY27P3MZdFkUr_p7Ppn1J9FAbRuAF-A9Qlk&e=.
--
You received this message because you are subscribed to the Google Groups "ntexchange" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntexchange+...@googlegroups.com.
To view this discussion on the web visit https://urldefense.proofpoint.com/v2/url?u=https-3A__groups.google.com_d_msgid_ntexchange_4874c33aca6d480ca3252f5f330b8e89-2540smithcons.com&d=DwIFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=rJ0bECN-DLREGJliaxbIirMa-UuoXK1suNAdXyOdScU&m=f6p5ve1yeboiv02cF1D2LHiqmi6ZQMumjwXYi9HgPqAU1W5yrhgnj234DOFA1XuC&s=nKCLaLQJgXdfk3TmBP1ijj2ORfDIatffZWFfM6Apt_I&e=.
CAUTION: This email originated from outside of the organization. Do not click any links or open any attachments unless you trust the sender and know the content is safe.
-----Original Message-----
From: ntexc...@googlegroups.com <ntexc...@googlegroups.com> On Behalf Of Michael B. Smith
Sent: Wednesday, November 15, 2023 4:45 PM
To: ntexc...@googlegroups.com
Subject: RE: [External] [ntexchange] Outlook won't open encrypted email from sender with unknown certificate
The certificate hierarchy could also require intermediates you don't have.
But my initial gut feeling would match Philip's.
-----Original Message-----
From: ntexc...@googlegroups.com <ntexc...@googlegroups.com> On Behalf Of Philip Elder
Sent: Wednesday, November 15, 2023 4:32 PM
To: ntexc...@googlegroups.com
Subject: RE: [ntexchange] Outlook won't open encrypted email from sender with unknown certificate
Spoof/Phish.
I'd be studying that header real close.
Philip Elder MCTS
Senior Technical Architect
Microsoft High Availability MVP
E-mail: Phili...@mpecsinc.ca
Phone: +1 (780) 458-2028
Blog: https://urldefense.proofpoint.com/v2/url?u=http-3A__blog.mpecsinc.com&d=DwIFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=rJ0bECN-DLREGJliaxbIirMa-UuoXK1suNAdXyOdScU&m=f6p5ve1yeboiv02cF1D2LHiqmi6ZQMumjwXYi9HgPqAU1W5yrhgnj234DOFA1XuC&s=Su7InaofKcpBj-znimu7rT0fz51V9sUsY-nNIXDcdEo&e=
Twitter: https://urldefense.proofpoint.com/v2/url?u=http-3A__Twitter.com_MPECSInc&d=DwIFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=rJ0bECN-DLREGJliaxbIirMa-UuoXK1suNAdXyOdScU&m=f6p5ve1yeboiv02cF1D2LHiqmi6ZQMumjwXYi9HgPqAU1W5yrhgnj234DOFA1XuC&s=VtfaJ2IiKc6qDR3ENsXL197nBdONLG-Q0MpRNkNhjQ8&e=
Skype: MPECSInc.
Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.
-----Original Message-----
From: ntexc...@googlegroups.com <ntexc...@googlegroups.com> On Behalf Of Kurt Buff
Sent: Wednesday, November 15, 2023 14:08
To: ntexc...@googlegroups.com
Subject: [ntexchange] Outlook won't open encrypted email from sender with unknown certificate
I'm researching right now, but if anyone has a quick answer for me I would be grateful.
CFO receives an encrypted email from outside source, has validated sender.
Opening email gets a warning that the certificate is unknown/untrusted.
I viewed the certificate, imported it into her personal store, then restarted Outlook, but the error recurs.
5 minutes of STFW doesn't reveal an answer, though I'm going to keep looking.
Thoughts?
Kurt
--
You received this message because you are subscribed to the Google Groups "ntexchange" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntexchange+...@googlegroups.com.
To view this discussion on the web visit https://urldefense.proofpoint.com/v2/url?u=https-3A__groups.google.com_d_msgid_ntexchange_CADy1Ce5z5-5FxFqe6-2D8EPNy9FXc8QLZV5py-2D-5F7T1eOeUAX8rxQqA-2540mail.gmail.com&d=DwIFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=rJ0bECN-DLREGJliaxbIirMa-UuoXK1suNAdXyOdScU&m=f6p5ve1yeboiv02cF1D2LHiqmi6ZQMumjwXYi9HgPqAU1W5yrhgnj234DOFA1XuC&s=XNO-XrNYpoj0ifpaT19jXZQwiD8ASgpNLjh4-G6oxxo&e=.
Please note: Although we may sometimes respond to email, text and phone calls instantly at all hours of the day, our regular business hours are 8:00 AM - 5:00 PM, Monday thru Friday.
-----Original Message-----
From: ntexc...@googlegroups.com <ntexc...@googlegroups.com> On Behalf Of Kurt Buff
Sent: Wednesday, November 15, 2023 14:08
To: ntexc...@googlegroups.com
Subject: [ntexchange] Outlook won't open encrypted email from sender with unknown certificate
I'm researching right now, but if anyone has a quick answer for me I would be grateful.
CFO receives an encrypted email from outside source, has validated sender.
Opening email gets a warning that the certificate is unknown/untrusted.
I viewed the certificate, imported it into her personal store, then restarted Outlook, but the error recurs.
5 minutes of STFW doesn't reveal an answer, though I'm going to keep looking.
Thoughts?
Kurt
--
You received this message because you are subscribed to the Google Groups "ntexchange" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntexchange+...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "ntexchange" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntexchange+...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "ntexchange" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntexchange+...@googlegroups.com.
CAUTION: This email originated from outside of the organization. Do not click any links or open any attachments unless you trust the sender and know the content is safe.
Kurt Buff
Nov 15, 2023, 5:39:05 PM11/15/23
to ntexc...@googlegroups.com
I hate, hate, hate PFM.
It's working now.
At the end of my quick troubleshooting with her, she had to go into a meeting.
An hour later, I return to her desk and ask her to open the email so I
can do some more troubleshooting (make double-dang sure she's
validated the sender, validate that the cert domains match the sending
domain, check that the cert is exposed through the trust center, etc.)
and it opened right up.
Comments welcome, but I'm claiming the win and walking away.
Kurt
> To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/BL1PR11MB5509D31BD493AE4C14D8DC8CF6B1A%40BL1PR11MB5509.namprd11.prod.outlook.com.
It's working now.
At the end of my quick troubleshooting with her, she had to go into a meeting.
An hour later, I return to her desk and ask her to open the email so I
can do some more troubleshooting (make double-dang sure she's
validated the sender, validate that the cert domains match the sending
domain, check that the cert is exposed through the trust center, etc.)
and it opened right up.
Comments welcome, but I'm claiming the win and walking away.
Kurt
Michael B. Smith
Nov 15, 2023, 5:44:56 PM11/15/23
to ntexc...@googlegroups.com
FTW!
To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/CADy1Ce5ZWQ-J8suMsSbjVs1wg0G_-h7N%3Dj%3Diazv7uQUq6nescw%40mail.gmail.com.
Philip Elder
Nov 15, 2023, 6:22:14 PM11/15/23
to ntexc...@googlegroups.com
What's PFM?
Philip Elder MCTS
Senior Technical Architect
Microsoft High Availability MVP
E-mail: Phili...@mpecsinc.ca
Phone: +1 (780) 458-2028
To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/CADy1Ce5ZWQ-J8suMsSbjVs1wg0G_-h7N%3Dj%3Diazv7uQUq6nescw%40mail.gmail.com.
Philip Elder MCTS
Senior Technical Architect
Microsoft High Availability MVP
E-mail: Phili...@mpecsinc.ca
Phone: +1 (780) 458-2028
Kurt Buff
Nov 15, 2023, 9:10:03 PM11/15/23
to ntexc...@googlegroups.com
" Pure F'ing Magic"
Kurt
> To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/3e5e04442c75409bb868ecc600f6aad9%40MPECSInc.Ca.
Kurt
Philip Elder
Nov 15, 2023, 9:38:39 PM11/15/23
to ntexc...@googlegroups.com
Heh ... and we want to entrust our lives to software? :0P
To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/CADy1Ce4bazkdGFcs%2Bs5j87p93VuwZtPofnn8h%2BPTOvxU3pHT_Q%40mail.gmail.com.
Jim Kennedy
Nov 16, 2023, 9:23:00 AM11/16/23
to ntexc...@googlegroups.com
Outlook needed to be restarted to pick up the cert perhaps?
-----Original Message-----
From: ntexc...@googlegroups.com <ntexc...@googlegroups.com> On Behalf Of Kurt Buff
> To view this discussion on the web visit https://urldefense.proofpoint.com/v2/url?u=https-3A__groups.google.com_d_msgid_ntexchange_BL1PR11MB5509D31BD493AE4C14D8DC8CF6B1A-2540BL1PR11MB5509.namprd11.prod.outlook.com&d=DwIFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=rJ0bECN-DLREGJliaxbIirMa-UuoXK1suNAdXyOdScU&m=g7ZxZ7jIou4TP0FLHFZb5AWp-Iw672IOkJCw6vXRUnXX4c6brObbZ_ZvZBYJwlId&s=WQ5O18bNu-D8OSJBNMydytYl6fATqKYZmI_1aPEnP2A&e=.
--
You received this message because you are subscribed to the Google Groups "ntexchange" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntexchange+...@googlegroups.com.
To view this discussion on the web visit https://urldefense.proofpoint.com/v2/url?u=https-3A__groups.google.com_d_msgid_ntexchange_CADy1Ce5ZWQ-2DJ8suMsSbjVs1wg0G-5F-2Dh7N-253Dj-253Diazv7uQUq6nescw-2540mail.gmail.com&d=DwIFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=rJ0bECN-DLREGJliaxbIirMa-UuoXK1suNAdXyOdScU&m=g7ZxZ7jIou4TP0FLHFZb5AWp-Iw672IOkJCw6vXRUnXX4c6brObbZ_ZvZBYJwlId&s=tgU40BWsZUa0n3IDCxdCZOW3xgLf3i-asIzJCqxuvxg&e=.
-----Original Message-----
From: ntexc...@googlegroups.com <ntexc...@googlegroups.com> On Behalf Of Kurt Buff
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.mpecsinc.com&d
> =DwIFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=rJ0bECN-DLREGJ
> liaxbIirMa-UuoXK1suNAdXyOdScU&m=f6p5ve1yeboiv02cF1D2LHiqmi6ZQMumjwXYi9
> HgPqAU1W5yrhgnj234DOFA1XuC&s=ovv2hIlvLOK75Ya8Dc3JdkM7CiSAKyDd-N0NmsRPB
> jI&e=
> Blog:
> https://urldefense.proofpoint.com/v2/url?u=http-3A__blog.mpecsinc.com&
> d=DwIFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=rJ0bECN-DLREG
> JliaxbIirMa-UuoXK1suNAdXyOdScU&m=f6p5ve1yeboiv02cF1D2LHiqmi6ZQMumjwXYi
> 9HgPqAU1W5yrhgnj234DOFA1XuC&s=Su7InaofKcpBj-znimu7rT0fz51V9sUsY-nNIXDc
> dEo&e=
> Twitter:
> https://urldefense.proofpoint.com/v2/url?u=http-3A__Twitter.com_MPECSI
> nc&d=DwIFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=rJ0bECN-DL
> REGJliaxbIirMa-UuoXK1suNAdXyOdScU&m=f6p5ve1yeboiv02cF1D2LHiqmi6ZQMumjw
> XYi9HgPqAU1W5yrhgnj234DOFA1XuC&s=VtfaJ2IiKc6qDR3ENsXL197nBdONLG-Q0MpRN
> kNhjQ8&e=
> =DwIFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=rJ0bECN-DLREGJ
> liaxbIirMa-UuoXK1suNAdXyOdScU&m=f6p5ve1yeboiv02cF1D2LHiqmi6ZQMumjwXYi9
> HgPqAU1W5yrhgnj234DOFA1XuC&s=ovv2hIlvLOK75Ya8Dc3JdkM7CiSAKyDd-N0NmsRPB
> jI&e=
> Blog:
> https://urldefense.proofpoint.com/v2/url?u=http-3A__blog.mpecsinc.com&
> d=DwIFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=rJ0bECN-DLREG
> JliaxbIirMa-UuoXK1suNAdXyOdScU&m=f6p5ve1yeboiv02cF1D2LHiqmi6ZQMumjwXYi
> 9HgPqAU1W5yrhgnj234DOFA1XuC&s=Su7InaofKcpBj-znimu7rT0fz51V9sUsY-nNIXDc
> dEo&e=
> Twitter:
> https://urldefense.proofpoint.com/v2/url?u=http-3A__Twitter.com_MPECSI
> nc&d=DwIFaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=rJ0bECN-DL
> REGJliaxbIirMa-UuoXK1suNAdXyOdScU&m=f6p5ve1yeboiv02cF1D2LHiqmi6ZQMumjw
> XYi9HgPqAU1W5yrhgnj234DOFA1XuC&s=VtfaJ2IiKc6qDR3ENsXL197nBdONLG-Q0MpRN
> kNhjQ8&e=
--
You received this message because you are subscribed to the Google Groups "ntexchange" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntexchange+...@googlegroups.com.
Kurt Buff
Nov 16, 2023, 10:47:06 AM11/16/23
to ntexc...@googlegroups.com
I don't think so - we had restarted it during our initial
troubleshooting, and AFAIK it had not been restarted again.
I could be wrong, though. Heaven knows I often am.
Kurt
On Thu, Nov 16, 2023 at 7:23 AM 'Jim Kennedy' via ntexchange
> To view this discussion on the web visit https://groups.google.com/d/msgid/ntexchange/BL1PR11MB5509C88EA4F6E8766B1A7713F6B0A%40BL1PR11MB5509.namprd11.prod.outlook.com.
troubleshooting, and AFAIK it had not been restarted again.
I could be wrong, though. Heaven knows I often am.
Kurt
On Thu, Nov 16, 2023 at 7:23 AM 'Jim Kennedy' via ntexchange
Reply all
Reply to author
Forward
0 new messages