Known issues with digitally signed email at IU

The tables below list issues that may affect sending or receiving email messages with digital signatures using S/MIME certificates at Indiana University.

On this page:


Creating and renewing S/MIME certificates

Issue Description Status Last updated
Some users receive certificates with an earlier expiration. While the default for new and renewed S/MIME certificates is set to three years, you may receive a digital certificate with a one-year expiration date. Known issue June 27, 2017

Sending digitally signed messages

Issues by platform Description Status Last updated
iOS (iPhone, iPad, etc.)
In iOS, sending mail from apps other than Mail are not digitally signed. In iOS, if you use the share function (usually represented by a square with an upward facing arrow going out of it) in apps such as Photos to send mail, the messages will not be digitally signed. This will be the case even if you have configured the Mail app to sign messages by default. This problem does not affect Mail itself, so you can use it send signed messages, including attachments, normally. Known issue January 19, 2017
Android
The Gmail app on Android devices does not support S/MIME. Google does not currently support the S/MIME protocol on their Gmail Android application. You can receive digitally signed messages; however, you will not be able to verify digital signatures, and you may not be able to open email attachments. As a workaround, the Android device may have another native email app that supports S/MIME, or you may need to download a third-party email app from the app store.

Note: UITS does not endorse any specific third-party Android apps; however, owners have reported success using the third-party email app "Nine - Outlook for Android". This is not a free app.

Known issue July 20, 2016
Android on Motorola devices does not support S/MIME. The Android email application installed on Motorola phones does not currently support signing email with S/MIME certificates. Known issue July 20, 2016
Some LG Android devices cannot digitally sign messages. On some LG Android devices, when you attempt to digitally sign messages, the S/MIME certificates become invalid and the messages display this error: "Error: The message contents may have been altered." Known issue October 14, 2016
Some Android devices receive warning icon that looks like a triangle with an exclamation point in the taskbar. After you have installed your S/MIME certificate on some Android devices, a warning icon that looks like a triangle with an exclamation point inside appears in the taskbar with the error message: "Network may be monitored By an unknown third party". Tapping the message will display "A trusted certificate on your phone is allowing a third party to monitor your network activity, including your emails, apps, and secure websites. CHECK TRUSTED CREDENTIALS". Known issue July 20, 2016
BlackBerry
Signed email messages from BlackBerry Passports show up as invalid. Signed email messages sent from the email application installed on the BlackBerry Passport will be reported as having an invalid signature by the Exchange server. Known issue July 20, 2016
Windows
Outlook for Windows does not send email from secondary accounts when email signing is set as the default. Outlook for Windows will not allow you to sign email messages without a valid certificate for that email address. Outlook will display an error reading "Microsoft Outlook cannot sign or encrypt this message because there are no certificates which can be used to send from the e-mail address". You'll need to either install a valid client certificate for the email address, or go to OPTIONS in the mail message and turn off Sign. Known issue July 21, 2016
Outlook in IUanyWare sometimes cannot send signed messages. You may experience intermittent issues sending signed email messages through Outlook when using IUanyWare. No error is produced, but clicking the Send button has no effect. Known issue August 5, 2016
In Outlook for Windows, when multiple accounts are on the same profile, certificates cannot be published to the GAL. The Publish to GAL... option is not available under "E-mail Security" in Outlook for Windows when multiple email accounts are mapped to the same profile. As a workaround, create a new profile with just the email account for which you wish to publish the certificates. Known issue July 21, 2016
Mac OS X
In Outlook 2016 for Mac, a signed email message reports, "The signing certificate for this message is not valid or trusted". If you receive this message, launch Keychain Access and ensure that both the "Microsoft_Intermediate_Certificates" and "Microsoft_Entity_Certificates" are present under "Keychains". If either or both are missing, choose Add Keychain... from the File menu, and select the missing keychain. You will need to do this for each missing keychain. Known issue December 1, 2016
General issues affecting all platforms
Encrypted email messages sent to the UITS Support Center or other IU teams contain no content. S/MIME-encrypted messages sent to any FootPrints environment (e.g., UITS Support Center, SCT2, EITS) will generate a blank email message with an unopenable attachment.

Note: This issue only affects encrypting a message, not digitally signing a message.

Known issue January 3, 2017
Attachments are stripped off when sent to some Gmail accounts. Some Gmail accounts are unable to properly read signed email messages. As a result, all attachments will show up as winmail.dat files, and will not be accessible. Known issue July 20, 2016

Receiving digitally signed messages

Issues by platform Description Status Last updated
Android
Some Android devices not displaying attachment icon on signed messages Using the standard mail app on some Android devices, email messages with attachments may not display the attachment icon until you open the signed message and tap Verify Signature. Known issue September 28, 2017
The Gmail app on Android devices does not support S/MIME. Google does not currently support the S/MIME protocol on the Gmail Android application. You can receive digitally signed messages; however, you will not be able to verify digital signatures, and you may not be able to open email attachments. As a workaround, the Android device may have another native email app that supports S/MIME, or you may need to download a third-party email app from the app store.

Note: UITS does not endorse any specific third-party Android apps; however, owners have reported success using the third-party email app "Nine - Outlook for Android". This is not a free app.

Known issue July 20, 2016
Some Samsung Galaxy devices cannot validate most signatures. After selecting Verify Signature within an email message, you may see an error message, such as "Verification failed" or "Error occurred while parsing signed message." If the email message has attachments, this issue may prevent you from opening them. As a workaround, use the Gmail email app to access your email account rather than the native email app; for directions, see At IU, how do I connect to my Exchange account with Android?

Although the Gmail app does not let you digitally sign messages, it does let you read digitally signed messages and open their attachments without issues.

Known issue September 15, 2016
Mac OS X
In Outlook 2016 for Mac, a signed email messages reports, "The signing certificate for this message is not valid or trusted". If you receive this message, launch Keychain Access and ensure that both the "Microsoft_Intermediate_Certificates" and "Microsoft_Entity_Certificates" are present under "Keychains". If either or both are missing, choose Add Keychain... from the File menu, and select the missing keychain. You will need to do this for each missing keychain. Known issue December 1, 2016
Linux/Unix
Older versions of Mutt, the text-based mail client for Unix systems, sometimes have digital signature validation issues. You may experience issues validating digital signatures when using older versions of Mutt. Due to the way Outlook clients generate digital signatures, you may see an error similar to "Error: Inconsistent multipart/signed structure!" This issue has been resolved in the updated version of Mutt. Resolved August 22, 2016
General issues affecting all platforms
In Conversations view, OWA does not provide preview text or a Reading Pane view for any digitally signed (S/MIME) email message. If you use Conversations view in OWA, preview text and Reading Pane view are not available for digitally signed (S/MIME) email. To read a digitally signed message, you must open it in a new window. Turning off Conversations view enables normal preview and Reading Pane functionality for S/MIME messages. You can enable preview text in Conversations view by installing the Microsoft S/MIME Active X Control plug-in and restarting your browser; however, Reading Pane functionality for encrypted messages cannot be enabled in Conversations view. Known issue; see Microsoft's Reading encrypted and digitally signed messages September 11, 2015

This is document aluf in the Knowledge Base.
Last modified on 2017-09-28 13:30:59.

  • Fill out this form to submit your issue to the UITS Support Center.
  • Please note that you must be affiliated with Indiana University to receive support.
  • All fields are required.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.

  • Fill out this form to submit your comment to the IU Knowledge Base.
  • If you are affiliated with Indiana University and need help with a computing problem, please use the I need help with a computing problem section above, or contact your campus Support Center.

Please provide your IU email address. If you currently have a problem receiving email at your IU account, enter an alternate email address.