Fix: “Your Digital ID name cannot be found” on Outlook

Many users have reported the error message “Your Digital ID name cannot be found by the underlying security system” when trying to open an encrypted email in Microsoft Outlook with a certificate that has 3DES encryption capabilities.


Email encryption has become very popular, generally for emails that include sensitive data and to stop email spam. Encrypting an email in Outlook transforms it from clear text into scrambled ciphertext. Only the recipient who holds the matching private key can decode the message content and read it.

In some cases, however, the recipient is rejected when opening the encrypted email and sees the error message:

“Sorry, we’re having trouble opening this item. This could be temporary, but if you see it again you might want to restart Outlook. Your Digital ID name cannot be found by the underlying security system.”

In some cases the error is temporary, but for some users it continues to appear. There is no single specific reason why the error appears; however, after investigation we found that the main cause is related to the Outlook build.

Starting with Outlook build 16.0.8518.1000, Microsoft upgraded the default fallback algorithm from 3DES to AES256. Therefore, when a user on Outlook build 16.0.8518.1000 or later sends an encrypted email and the recipient tries to open it with a certificate that has 3DES-only encryption capabilities, the error message appears on the recipient's screen.

Another possible reason for the error is that you do not have the certificate needed to decode the email message, or that you both have certificates but some settings need to be reconfigured.

Try the following solutions to get past the error message.

Verify Your Certificate

First confirm whether you have a certificate for encrypting email. Follow these steps to verify it.

  1. Launch Outlook, click File, then click Options
  2. Under Options, look for Trust Center and click on it
  3. Next, click Trust Center Settings and then the Email Security option
  4. Near the Settings button, look for the certificate title

Check whether the certificate title is blank. If it is, click Settings, select the certificate with the Choose button, and click OK. If they are still blank, you will need to buy a new certificate.

There are many external Certificate Authorities you can buy one from. If the certificate is available, try the next solution.

Enable the Client Authentication & Secure Email option

Many users confirmed that enabling this option helped them fix the Outlook “Your Digital ID name cannot be found” error.

Follow these steps:

  1. Open Internet Explorer and click the Tools option
  2. Next, click Internet Options and then the Content tab
  3. Click Certificates, then Personal
  4. Click the Advanced option and, under Certificate Purpose, look for the Client Authentication & Secure Email option
  5. Tick the check box next to it and click the OK button to save the changes.

Check whether the error is fixed. If you are still unable to decrypt the email, head to the next solution.
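The two checks above (is there a usable certificate, and is it valid for Secure Email) can also be made from PowerShell. The following is an added example, not part of the original article; the function name `Get-SmimeCertReport` is hypothetical, and it assumes the certificate carries the optional SMIMECapabilities extension when reporting advertised algorithms.

```powershell
# Added example (not from the original article): report which personal
# certificates are usable for S/MIME and which algorithms they advertise.
$SecureEmailEku = '1.3.6.1.5.5.7.3.4'      # Secure Email enhanced key usage
$SmimeCapsOid   = '1.2.840.113549.1.9.15'  # SMIMECapabilities extension
# DER encodings of the algorithm OIDs as they appear inside that extension
$TripleDesDer   = '06-08-2A-86-48-86-F7-0D-03-07'     # 1.2.840.113549.3.7
$Aes256Der      = '06-09-60-86-48-01-65-03-04-01-2A'  # 2.16.840.1.101.3.4.1.42

function Get-SmimeCertReport {   # hypothetical helper name
    param([string]$StorePath = 'Cert:\CurrentUser\My')

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # EKU extension inside the certificate; no extension means "all purposes"
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $ekus = @($ekuExt | ForEach-Object { $_.EnhancedKeyUsages } |
                  ForEach-Object { $_.Value })
        $secureEmail = (-not $ekuExt) -or ($ekus -contains $SecureEmailEku)

        # Optional extension listing the algorithms the holder can decrypt
        $capsExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq $SmimeCapsOid }
        $capsHex = if ($capsExt) { [BitConverter]::ToString($capsExt.RawData) } else { '' }

        [pscustomobject]@{
            Subject          = $cert.Subject
            NotAfter         = $cert.NotAfter
            Expired          = $cert.NotAfter -lt (Get-Date)
            HasPrivateKey    = $cert.HasPrivateKey
            SecureEmail      = $secureEmail
            HasSmimeCaps     = [bool]$capsExt
            Advertises3DES   = $capsHex.Contains($TripleDesDer)
            AdvertisesAES256 = $capsHex.Contains($Aes256Der)
        }
    }
}

Get-SmimeCertReport | Format-Table -AutoSize
```

A row with `HasPrivateKey` false or `Expired` true cannot decrypt mail; a row with `Advertises3DES` true and `AdvertisesAES256` false matches the 3DES-only case described earlier.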

Remove Problematic Senders’ Certificates

The error may be caused by a problematic sender certificate, so look for the particular ones and delete them.

Follow these steps:

  1. Click on the Start button and in the search box type MMC (Memory Management Console)
  2. Run the command, and once the console window opens press CTRL+M
  3. Double-click Certificates, select the My User Account option, and click OK
  4. Go to Certificates – Current User, then Other People, then Certificates
  5. Delete the problem senders' certificates
  6. After that, close the console and answer Yes to “Save console settings to Console1”.

Check whether the Outlook certificate error “Digital ID name cannot be found by the underlying security system” still persists or is fixed.

Delete and Readd Contacts

Try deleting and re-adding the contacts; this method has solved the error for many users. Follow the steps given:

  1. Open Outlook and delete the contact
  2. Now click on the Have contact send Signed email option
  3. Right-click the sender's name on the reply and click Add to contacts
  4. Now click Certificates and choose Cert > Properties
  5. Next, click Trust and then the Explicitly Trust this Certificate option
  6. Click OK to save the setting and close
  7. Again, click on the Have contact send Encrypted email option and right-click the sender's name on the reply
  8. Then click Add to contacts and the Update option
  9. Lastly, Save and then Close the contact

Hopefully these steps get you past the error. If not, download the latest Install Root Militarycac *.MSI version and install it.

You can find it by searching for militarycac in the browser; click on the dod certs and download the latest Install Root Militarycac *.MSI version. You can also look for the Non-admin version, as this works best in a domain environment.

Once it is installed, right-click and subscribe to EC root, install the certificate, and save the settings. When the steps are completed, restart your system.

Now check whether the error is resolved. This step adds and corrects any certificate chain that was damaged, which should solve the error in your case.

Tweak Registry

If the error is still not resolved, modify the registry entries below, taking great care with each change.

Follow the steps given:

  1. Press the Win+R keys on your keyboard to open the Run box.
  2. In the box, type Regedit and press Enter
  3. In the Registry Editor, go to the path HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security.
  4. In the right-hand pane, create a new DWORD value named UseAlternateDefaultEncryptionAlg.
  5. Double-click the entry to edit the value and change it from 0 to 1.
  6. In the same way, create a new string value named DefaultEncryptionAlgOID.
  7. Double-click the entry to edit the value.
  8. Enter the value 1.2.840.113549.3.7.

The string value is the OID of the 3DES encryption algorithm.
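The same registry change can be scripted so that the previous values are recorded and the change can be undone. This is an added example, not part of the original article; the function names are hypothetical, and the key path, value names and OID are the ones given in the steps above.

```powershell
# Added example (not from the original article): apply or remove the two
# registry values from the steps above for the current user only.
$KeyPath = 'HKCU:\Software\Microsoft\Office\16.0\Outlook\Security'
$Wanted  = [ordered]@{
    UseAlternateDefaultEncryptionAlg = @{ Type = 'DWord';  Value = 1 }
    DefaultEncryptionAlgOID          = @{ Type = 'String'; Value = '1.2.840.113549.3.7' }  # 3DES
}

function Get-RegValue {          # hypothetical helper: $null when the value is absent
    param([string]$Name)
    (Get-ItemProperty -Path $KeyPath -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Set-OutlookFallbackAlgorithm {      # hypothetical name
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
    foreach ($name in $Wanted.Keys) {
        $spec   = $Wanted[$name]
        $before = Get-RegValue -Name $name   # keep the old value for the record
        if ($PSCmdlet.ShouldProcess("$KeyPath\$name", "set to $($spec.Value)")) {
            New-ItemProperty -Path $KeyPath -Name $name -PropertyType $spec.Type `
                -Value $spec.Value -Force | Out-Null
        }
        [pscustomobject]@{ Name = $name; Before = $before; After = Get-RegValue -Name $name }
    }
}

function Remove-OutlookFallbackAlgorithm {   # hypothetical name: undo the change
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($name in $Wanted.Keys) {
        if ($null -ne (Get-RegValue -Name $name) -and
            $PSCmdlet.ShouldProcess("$KeyPath\$name", 'remove')) {
            Remove-ItemProperty -Path $KeyPath -Name $name
        }
    }
}

Set-OutlookFallbackAlgorithm -WhatIf   # preview only; drop -WhatIf to apply
```

Run `Remove-OutlookFallbackAlgorithm` to delete both values again once the 3DES-only certificate has been replaced.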

These are the solutions that work to solve the Outlook error “Your Digital ID name cannot be found by the underlying security system”.

ABOUT THE AUTHOR

Hardeep Kaur


Hardeep is a passionate technical writer with more than 7 years of experience. She has a keen interest in PC games, Windows OS and everything surrounding it. She is a technology enthusiast and fascinated with technology since her childhood days.