An expired digital certificate affects messages sent before the certificate expired

This is an obvious tip but something to be aware of if you let your digital certificate expire. Typically, digital certificates are licensed for terms of a year, or multiple years, at a time. Digitally signed emails, sent prior to the expiration of the digital certificate used to sign them, will still generate a certificate error when they are opened after the certificate has expired.

If the recipient opens a digitally signed message prior to the expiration date of a valid certificate, the message will appear fine and show a little certification award ribbon. If the recipient opens the same message after the expiration of the certificate, the recipient will see a certificate error in the message.

If the recipient uses Microsoft Office Outlook, he or she will see this alert in the header area of the message: “There are problems with the signature. Click the signature button for details.” Click the signature button (a yellow diamond with a red exclamation mark, which replaces the certificate award ribbon) to open the window shown in Figure 1. Click the Details button to see the Message Security Properties window, which gives further information about the certificate. This window includes the underlying error, which in this case is “certificate used to create the signature is no longer valid,” as shown in Figure 2. From the Message Security Properties window, you can select View Details and View Certificate. Figure 3 shows the View Certificate window, which indicates that this certificate expired on December 13, 2008.

Outlook doesn’t provide a built-in advance warning mechanism for expiring digital certificates. It’s up to you to manage the dates or perhaps set up a task in Outlook to renew them before they expire. For some of my clients, it’s important not to let any sign of insecurity show to their customers. Certificate vendors often provide web-based certificate administration for administrators to create and issue certificates. Often those certificate management tools will alert administrators prior to client certificate expiration dates. Look for a Tips & Techniques article on configuring Outlook 2003/2007 for S/MIME for the enterprise soon.
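
Since Outlook gives no advance warning, one way to track the dates yourself is a script run as a scheduled task. The following is an added example, not part of the original article: it assumes the signing certificate is installed in the current user's Personal store on Windows, and the 30-day window is an arbitrary default.

```powershell
# Added example: report S/MIME (Secure Email) certificates in the current
# user's Personal store that have expired or expire within $WarnDays days.
param(
    [int]$WarnDays = 30   # assumed warning window; match it to your renewal lead time
)

$secureEmailOid = '1.3.6.1.5.5.7.3.4'   # EKU OID for Secure Email (id-kp-emailProtection)
$now      = Get-Date
$deadline = $now.AddDays($WarnDays)

$report = Get-ChildItem -Path Cert:\CurrentUser\My |
    Where-Object {
        # Keep only certificates whose EKU list names Secure Email.
        # Certificates with no EKU extension at all are skipped by this filter.
        $_.EnhancedKeyUsageList.ObjectId -contains $secureEmailOid
    } |
    ForEach-Object {
        $status = if ($_.NotAfter -lt $now) {
            'EXPIRED'
        } elseif ($_.NotAfter -le $deadline) {
            'EXPIRING'
        } else {
            'OK'
        }
        [pscustomobject]@{
            Status     = $status
            Subject    = $_.Subject
            Issuer     = $_.Issuer
            NotAfter   = $_.NotAfter
            DaysLeft   = [math]::Floor(($_.NotAfter - $now).TotalDays)
            Thumbprint = $_.Thumbprint
        }
    } |
    Sort-Object NotAfter

$report | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or monitoring agent raise an alert.
if ($report | Where-Object { $_.Status -ne 'OK' }) { exit 1 }
```

Renewing the certificate does not clear the error on messages already signed with the old one, so the goal of the check is to switch to the new certificate before the old one lapses.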
