Many users have reported the error message “Your Digital ID name cannot be found by the underlying security system” when trying to open an encrypted email in Microsoft Outlook using a certificate that has 3DES encryption capabilities.
Email encryption has become very popular, generally for emails that include sensitive data and to stop email spam. Encrypting an email in Outlook transforms it from clear text into scrambled ciphertext. Only the recipient who holds the private key matching the certificate used to encrypt the message can decode the content and read it.
But in some cases the recipient is rejected when opening the encrypted email and sees the error message:
“Sorry, we’re having trouble opening this item. This could be temporary, but if you see it again you might want to restart Outlook. Your Digital ID name cannot be found by the underlying security system.”
In some cases the error is temporary, but for some users it continues to appear. There is no single reason why the error appears; however, after investigation we found that the main cause is related to the Outlook build.
Starting with Outlook build 16.0.8518.1000, Microsoft changed the default fallback algorithm from 3DES to AES256. Therefore, when a user on Outlook build 16.0.8518.1000 or later sends an encrypted email and the recipient tries to open it using a certificate with 3DES-only encryption capabilities, the error message appears on the recipient's screen.
Another possible reason for the error is that you do not have the certificate needed to decode the message, or that you both have the certificate but some settings need to be reconfigured.
So, try the following solutions to get past the error message.
Verify Your Certificate
First confirm whether you have a certificate for encrypting email. Follow these steps to verify it:
- Launch Outlook, click File, and then click Options
- Under Options, look for the Trust Center and click on it
- Next, click Trust Center Settings and then the Email Security option
- Here, near the Settings button, look for the certificate title
Open the certificate title and check whether it is blank. If it is, click Settings, select the certificate using the Choose button, and then click OK. If the certificate fields are blank, you need to buy a new certificate.
Many external certificate authorities sell them. If a certificate is available, try the next solution.
Enable the Client Authentication & Secure Email option
Many users confirmed that enabling this option helped them fix the Outlook “Your Digital ID name cannot be found” error.
Follow the steps to do so:
- Open Internet Explorer and click the Tools option
- Next, click Internet Options and then the Content tab
- From here, click Certificates and then Personal
- Click the Advanced option and, under Certificate Purpose, look for the Client Authentication & Secure Email option
- Tick the check box next to it and click the OK button to save the changes.
Check whether the error is fixed. If you are still unable to decrypt the email, head to the next solution.
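The two checks above (is there a usable certificate, and is it enabled for Secure Email and Client Authentication) can also be read from PowerShell. This is an added example, not part of the original article; it only reads the Current User personal store, and the assumption that Windows renders the S/MIME Capabilities extension as text with dotted OIDs is noted in the code.

```powershell
# Added example (not from the original article): list personal certificates and
# show what matters for S/MIME decryption. Read-only; changes nothing.
$oidSecureEmail = '1.3.6.1.5.5.7.3.4'      # Secure Email EKU
$oidClientAuth  = '1.3.6.1.5.5.7.3.2'      # Client Authentication EKU
$oidSmimeCaps   = '1.2.840.113549.1.9.15'  # S/MIME Capabilities extension
$algNames = [ordered]@{
    '1.2.840.113549.3.7'      = '3DES'
    '2.16.840.1.101.3.4.1.2'  = 'AES128'
    '2.16.840.1.101.3.4.1.42' = 'AES256'
}
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

Get-ChildItem Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_
    $eku  = $cert.Extensions | Where-Object { $_ -is $ekuType }
    # A certificate with no EKU extension is not restricted to specific purposes.
    $ekuOids = if ($eku) { @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) } else { $null }

    # Assumption: Windows renders this extension as text containing dotted OIDs.
    # Many certificates do not carry it at all, in which case the column is empty.
    $caps    = $cert.Extensions | Where-Object { $_.Oid.Value -eq $oidSmimeCaps }
    $capText = if ($caps) { $caps.Format($false) } else { '' }
    $algs = foreach ($oid in $algNames.Keys) {
        if ($capText -match ([regex]::Escape($oid) + '(?!\d)')) { $algNames[$oid] }
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        Expired       = $cert.NotAfter -lt (Get-Date)
        HasPrivateKey = $cert.HasPrivateKey
        SecureEmail   = ($null -eq $ekuOids) -or ($ekuOids -contains $oidSecureEmail)
        ClientAuth    = ($null -eq $ekuOids) -or ($ekuOids -contains $oidClientAuth)
        AdvertisedAlg = $algs -join ', '
    }
} | Format-Table -AutoSize
```

A row with HasPrivateKey set to False cannot decrypt mail, and a row whose AdvertisedAlg shows only 3DES matches the build-related cause described earlier.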
Remove Problematic Senders’ Certificates
The error may be caused by a problematic sender certificate, so look for the affected certificates and delete them.
Follow the steps to do so:
- Click the Start button and type MMC (Microsoft Management Console) in the search box
- Run it, and when the console window opens press Ctrl+M
- Then double-click Certificates, select the My User Account option, and click OK
- Now expand Certificates – Current User, then Other People, and then click Certificates
- Here, delete the problem senders' certificates
- After that, close the console and answer Yes to save the console settings to Console1.
Check whether the Outlook certificate error “Your Digital ID name cannot be found by the underlying security system” persists or is fixed.
Delete and Re-add Contacts
Try deleting and re-adding the contact; this method has solved the error for many users. Follow the steps given:
- Open Outlook and delete the contact
- Now have the contact send you a signed email
- Right-click the sender's name on the reply and click Add to contacts
- Now click Certificates and choose the certificate > Properties
- Next, click Trust and then the Explicitly Trust this Certificate option
- Click OK to save the setting and close
- Again, have the contact send you an encrypted email and right-click the sender’s name on the reply
- Then click Add to contacts and choose the Update option
- Lastly, click Save and then close the contact
Hopefully the given steps get you past the error. If not, download the latest Install Root MilitaryCAC *.MSI version and install it.
You can find it by searching for militarycac in the browser; there, click on the DoD certs and download the latest Install Root MilitaryCAC *.MSI version. You can also look for the Non-admin version, as this works best in a domain environment.
Once it is installed, right-click and subscribe to EC root, install the certificate, and save the settings. Once the steps are completed, restart your system.
Now check whether the error is resolved. This step adds and corrects any certificate chain that was damaged, and hopefully solves the error in your case.
If the error is still not resolved, the remaining option is to modify the registry entries. Do this very carefully.
Follow the steps given to do so:
- Press the Win+R keys on your keyboard to open the Run box.
- In the box, type Regedit and press Enter
- Then, in the Registry Editor, go to the path HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security.
- In the right-hand pane, create a new DWORD value named UseAlternateDefaultEncryptionAlg.
- Double-click the entry to edit the value and change it from 0 to 1.
- In the same way, create a new String value named DefaultEncryptionAlgOID.
- Then double-click the entry to edit the value.
- Type the given value: 1.2.840.113549.3.7.
The string value now holds the OID of the 3DES encryption algorithm.
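The same two registry values can be applied and verified from PowerShell. This is an added example, not part of the original article, and the backup file location is an assumption. Both values govern how Outlook encrypts outgoing mail, so they make this profile fall back to 3DES instead of the AES256 default described earlier.

```powershell
# Added example (not from the original article): set the two values from the
# steps above for the current user, keeping a backup and reporting the result.
$path    = 'HKCU:\Software\Microsoft\Office\16.0\Outlook\Security'
$regPath = 'HKCU\Software\Microsoft\Office\16.0\Outlook\Security'
$want = [ordered]@{
    UseAlternateDefaultEncryptionAlg = @{ Type = 'DWord';  Value = 1 }
    DefaultEncryptionAlgOID          = @{ Type = 'String'; Value = '1.2.840.113549.3.7' }  # 3DES
}

# Export the key first so the change can be undone (backup path is an assumption).
$backup = Join-Path $env:TEMP 'outlook-security-backup.reg'
if (Test-Path $path) {
    reg.exe export $regPath $backup /y | Out-Null
} else {
    New-Item -Path $path -Force | Out-Null
}

foreach ($name in $want.Keys) {
    $before = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
    New-ItemProperty -Path $path -Name $name `
        -PropertyType $want[$name].Type -Value $want[$name].Value -Force | Out-Null
    $after = (Get-ItemProperty -Path $path -Name $name).$name

    # One row per value: what it was, what it is now, and whether it matches.
    [pscustomobject]@{
        Name   = $name
        Before = $before
        After  = $after
        Ok     = ($after -eq $want[$name].Value)
    }
}

# To return to the AES256 default later, remove both values:
# Remove-ItemProperty -Path $path -Name UseAlternateDefaultEncryptionAlg, DefaultEncryptionAlgOID
```

Restart Outlook after running it so the new values are read.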
So, these are the solutions that can help you solve the “Your Digital ID name cannot be found by the underlying security system” error in Outlook.