How to Remove, Import, and Export Digital CertificatesLast reviewed: February 3, 1998Article ID: Q179380 |
The information in this article applies to:
IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.
SUMMARYThis article describes how to remove, export and import digital certificates in Internet Explorer and Outlook Express.
MORE INFORMATIONDigital certificates, referred to as digital IDs in Outlook Express, are digitally signed statements that bind an encrypted key pair to a user's identity. This key can be used to sign and encrypt digital information. You can use digital certificates to verify that another person has the right to use a given identity. A digital certificate is signed by the Certification Authority that issued the certificate. A Certification Authority is a company responsible for issuing digital IDs and continuously verifying that digital IDs are still valid. The digital certificate is composed of a public key, a private key, and other identity information. This information may include the version of the Web browser, the operating system and the version of the operating system. The digital certificate may also include your e-mail address so that Outlook Express can use it as a digital ID. Depending on the information bound to the digital certificate by the Certifying Authority, it may not be possible to use the digital certificate after you upgrade the operating system or the Web browser, or to use the digital certificate on a different computer. You can attach multiple digital certificates to a message or transaction, forming a certification chain where each certificate proves the authenticity of the previous certificate. The top-level Certification Authority must be independently known and trusted by the recipient. When you install a digital certificate in a Web browser, it functions as electronic credentials that can be used by secure Web sites. This enables digital certificates to be used in place of password dialog boxes, services that require membership, or services that restrict access to particular users. Outlook Express supports Secure/Multipurpose Internet Mail Extensions (S/MIME) technology. Secure e-mail in Outlook Express protects your Internet communications using the following methods:
Internet Explorer stores digital certificates in the registry. Outlook Express uses these digital certificates to digitally sign and encrypt secure e-mail Because Outlook Express can manage multiple e-mail accounts, you can have a digital certificate associated with each of your e-mail accounts. The registry keys that contain the entries for your digital certificates do not contain any information about the Web address with which it is associated. For this reason, if you have multiple e-mail accounts for which you have obtained a digital certificate, you should export the digital certificate before you remove it.
Exporting Digital CertificatesTo export digital certificates, follow these steps:
Removing Digital CertificatesWhen a digital certificate is removed, any e-mail that is encrypted with the associated digital ID is no longer readable. This includes e-mail that you received before you removed the digital certificate, as well as e-mail you receive after you remove the digital certificate. The e-mail is encrypted using your public key, and because the digital certificate has been removed, you no longer have the private key needed to decrypt it. To read this e-mail again, you must import the digital certificate back into Internet Explorer, and then enabled it in Outlook Express. There is no method of exporting encrypted e-mail to an unencrypted format. If you receive any encrypted mail that you must be able to access, make sure you have successfully exported the digital certificate before you remove it. You may also be unable to view any Web sites that require client authentication based on that digital certificate until you either import it again, or generate another digital certificate to use for that Web site. For these reasons, Microsoft does not recommend removing digital certificates. You should keep the current digital certificate and obtain a new one for a new e-mail account or Web site that requires one. However, if this is not possible, and a digital certificate must be removed due to incorrect operation or for troubleshooting purposes, follow these steps: WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. Delete all the folders under the following registry key, and then restart your computer:
HKEY_Current_User\Software\Microsoft\SystemCertificates\My\ CertificatesWhen you remove the digital certificate from Internet Explorer, the associated digital ID is removed from Outlook Express.
Importing Digital CertificatesTo import digital certificates that you previously exported, follow these steps:
REFERENCESFor information about how to use a digital ID in Outlook Express, please see the following article in the Microsoft Knowledge Base:
ARTICLE-ID: Q168726 TITLE : How to Digitally Sign and Encrypt Messages in Outlook ExpressFor additional information about digital certificates and digital IDs, in Internet Explorer, click Contents And Index on the Help menu, click the Index tab, type "personal certificates" (without quotation marks), and then click Display. In Outlook Express, click Contents And Index on the Help menu, click "creating and sending email messages," and then click "what are secure messages." For information about security, visit the following Microsoft Web site:
http://www.microsoft.com/Security/ |
Additional query words: 4.00
© 1998 Microsoft Corporation. All rights reserved. Terms of Use. |