Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

OL2002: Warning Error Message Appears When You Open a Certificate in an E-mail Message

View products that this article applies to.

This article was previously published under Q278207
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 ( ) Description of the Microsoft Windows Registry

↑ Back to the top


When you receive an e-mail that has a certificate, the following Certificate Revocation List (CRL) error message may appear when you open the certificate in the e-mail message:
The digital signature on this message is invalid because there are problems with the certificate accompanying this message.
When you click Details, the following error messages are listed:
The system cannot validate the certificate used to create this signature because the issuer's certificate is either unavailable or invalid.

The system cannot determine whether the certificate used to create this signature is trusted or not.

This behavior occurs when the e-mail is sent through a computer that runs Exchange 2000 Server with Key Management Server (KMS).

↑ Back to the top


This behavior can occur because Exchange 2000 Server does not install the CRL distribution extension in the registry by default.

↑ Back to the top


WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To work around this behavior, add a registry key to enable CRL:
  1. Start Registry Editor (Regedt32.exe).
  2. Locate and click the following key in the registry:
  3. On the Edit menu, click New, and then click Key.
  4. Type Security to name the new subkey, and then click this new subkey.
  5. On the Edit menu, click Add Value, and then add the following registry value:
    Value name: UseCRLChasing
    Data type: REG_DWORD
    Radix: Hexadecimal
    Value data: 1
    Other values you can use are 0 (zero) to use the system default, or 2 to never check for CRLs.

  6. Quit Registry Editor.

↑ Back to the top


Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

↑ Back to the top

Keywords: KB278207, kbpending, kbenv, kbbug

↑ Back to the top

Article Info
Article ID : 278207
Revision : 4
Created on : 2/21/2007
Published on : 2/21/2007
Exists online : False
Views : 442