An expired digital certificate affects messages sent before the certificate expired

This is an obvious tip but something to be aware of if you let your digital certificate expire. Digital certificates are licensed for terms of typically a year, or multiple years, at a time.

William Lefkovics

March 25, 2009

2 Min Read
ITPro Today logo in a gray background | ITPro Today

This is an obvious tip but something to be aware of if you let your digital certificate expire. Typically, digital certificates are licensed for terms of a year, or multiple years, at a time. Digitally signed emails, sent prior to the expiration of the digital certificate used to sign them, will still generate a certificate error when they are opened after the certificate has expired.

If the recipient opens a digitally signed message prior to the expiration date of a valid certificate, the message will appear fine and show a little certification award ribbon. If the recipient opens the same message after the expiration of the certificate, the recipient will see a certificate error in the message. If the recipient uses Microsoft Office Outlook, he or she will see this alert in the header area of the message: “There are problems with the signature. Click the signature button for details.” Click the signature button (a yellow diamond with a red exclamation mark, which replaces the certificate award ribbon) to open the window shown in Figure 1. Click the Details button to see the Message Security Properties window, which gives further information about the certificate. This windows includes the underlying error, which in this case is the “certificate used to create the signature is no longer valid,” as shown in Figure 2. From the Message Security Properties window, you can select View Details and View Certificate. Figure 3 shows the View Certificate window, which indicates that this certificate expired on December 13, 2008.

Outlook doesn’t provide a built-in advanced warning mechanism for expiring digital certificates. It’s up to you to manage the dates or perhaps setup a task to renew them in Outlook before they expire. For some of my clients, it’s important to not to let any sign of insecurity show to their customers. Certificate vendors often provide web-based certificate administration for administrators to create and issue certificates. Often those certificate management tools will alert administrators prior to client certificate expiration dates. Look for a Tips & Techniques article on configuring Outlook 2003/2007 for S/MIME for the enterprise soon.

About the Author

William Lefkovics

William Lefkovics, BSc, MCSE is the Technical Director at Mojave media group, LLC in Las Vegas, NV. He is the co-author of Microsoft Exchange Server 2007: The Complete Reference.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like