Hello All,



I apologize in advance for the cross posting, but it occurs to me that
perhaps this is the NG where originally I should have posted my question.
Instead, I posted it on microsoft.public.security.



My Class 1 Verisign Digital ID expired and I purchased (or renewed?) a new
digital certificate. I disabled my Norton 2008 Firewall during the
installation of the VeriSign certificate and received no error messages
during the installation. However, unlike in my previous installation I
receive the following error message: "Your digital ID name cannot be found
by the underlying security system."



The VeriSign support is very disappointing. The VeriSign troubleshooting
requires one to export the private key from within Internet Explorer and
then importing it again. However, when attempting to export the private key,
the box is grayed out and a note indicates that "The associated private key
can not be found. Only the certificate can be exported."



I am using Win XP, IE 7.0.5730.11, Outlook 2003 SP3



Any suggestions on how to resolve the problem?



Thanks

Do you still have the original e-mail from Verisign that contains your
certificate?

/neo

ps - the error you see is expected because the certificate key store doesn't
contain the private key for said certificate

"Jorge Ramos" wrote in message
...
Hello All,



I apologize in advance for the cross posting, but it occurs to me that
perhaps this is the NG where originally I should have posted my question.
Instead, I posted it on microsoft.public.security.



My Class 1 Verisign Digital ID expired and I purchased (or renewed?) a new
digital certificate. I disabled my Norton 2008 Firewall during the
installation of the VeriSign certificate and received no error messages
during the installation. However, unlike in my previous installation I
receive the following error message: "Your digital ID name cannot be found
by the underlying security system."



The VeriSign support is very disappointing. The VeriSign troubleshooting
requires one to export the private key from within Internet Explorer and
then importing it again. However, when attempting to export the private
key,
the box is grayed out and a note indicates that "The associated private
key
can not be found. Only the certificate can be exported."



I am using Win XP, IE 7.0.5730.11, Outlook 2003 SP3



Any suggestions on how to resolve the problem?



Thanks

Yes, I do. I have the Verisign email with a long string of characters which
are used to retrieve and activate the certificate.

A little earlier I received email from VeriSign indicating that the
certificate might be corrupt. They asked me to replace the certificate (free
of charge). I did replace it and now I have two certificates, none of which
works. I now have two certificates which appear identical. Not knowing which
of the two to select in configuring Outlook, I first selected the one on the
top. I then tested to see if I could send digitally signed emails. Because I
could not send digitally signed emails I tried again to configure Outlook
using the second certificate (at the bottom). Again, I then tested to see if
I could send digitally signed emails and I could not. I still receive the
message "Your digital ID name cannot be found by the underlying security
system.". I then went to Internet Explorer to try to export the certificate
to then attempt to import it again. Since I could not identify which of the
two certificates is the most recent or valid, I attempted to export both
certificates. In both instances, when attempting to export the private key,
the box is grayed out and a note indicates that "The associated private key
can not be found. Only the certificate can be exported."

Am I required to take any other steps with the certificate or with the
configuration?

Thanks!






"neo [mvp outlook]" wrote in message
...
Do you still have the original e-mail from Verisign that contains your
certificate?

/neo

ps - the error you see is expected because the certificate key store
doesn't contain the private key for said certificate

"Jorge Ramos" wrote in message
...
Hello All,



I apologize in advance for the cross posting, but it occurs to me that
perhaps this is the NG where originally I should have posted my question.
Instead, I posted it on microsoft.public.security.



My Class 1 Verisign Digital ID expired and I purchased (or renewed?) a
new
digital certificate. I disabled my Norton 2008 Firewall during the
installation of the VeriSign certificate and received no error messages
during the installation. However, unlike in my previous installation I
receive the following error message: "Your digital ID name cannot be
found
by the underlying security system."



The VeriSign support is very disappointing. The VeriSign troubleshooting
requires one to export the private key from within Internet Explorer and
then importing it again. However, when attempting to export the private
key,
the box is grayed out and a note indicates that "The associated private
key
can not be found. Only the certificate can be exported."



I am using Win XP, IE 7.0.5730.11, Outlook 2003 SP3



Any suggestions on how to resolve the problem?



Thanks

What i would do is this...

Uninstall the personal certificate you have now. You should be able to
access it via IE's Internet Options Content tab Certificates Personal
tab. Once you have it removed, close the dialog box and then install one of
the .PFX files Verisign sent you. Go back to IE's Internet Options
Content tab Certificates Personal tab and double click on the
certificate. Down near the bottom will show the issued to, from, valid
dates, and whether or not it has the private key. If the text "You have a
private key that corresponds to this certificate" is missing, then uninstall
and try the other .PFX file.

If neither contains that blurb, you will need to let Verisign know that both
files sent are missing the private key.


"Jorge Ramos" wrote in message
...
Yes, I do. I have the Verisign email with a long string of characters
which are used to retrieve and activate the certificate.

A little earlier I received email from VeriSign indicating that the
certificate might be corrupt. They asked me to replace the certificate
(free of charge). I did replace it and now I have two certificates, none
of which works. I now have two certificates which appear identical. Not
knowing which of the two to select in configuring Outlook, I first
selected the one on the top. I then tested to see if I could send
digitally signed emails. Because I could not send digitally signed emails
I tried again to configure Outlook using the second certificate (at the
bottom). Again, I then tested to see if I could send digitally signed
emails and I could not. I still receive the message "Your digital ID name
cannot be found by the underlying security system.". I then went to
Internet Explorer to try to export the certificate to then attempt to
import it again. Since I could not identify which of the two certificates
is the most recent or valid, I attempted to export both certificates. In
both instances, when attempting to export the private key, the box is
grayed out and a note indicates that "The associated private key can not
be found. Only the certificate can be exported."

Am I required to take any other steps with the certificate or with the
configuration?

Thanks!






"neo [mvp outlook]" wrote in message
...
Do you still have the original e-mail from Verisign that contains your
certificate?

/neo

ps - the error you see is expected because the certificate key store
doesn't contain the private key for said certificate

"Jorge Ramos" wrote in message
...
Hello All,



I apologize in advance for the cross posting, but it occurs to me that
perhaps this is the NG where originally I should have posted my
question.
Instead, I posted it on microsoft.public.security.



My Class 1 Verisign Digital ID expired and I purchased (or renewed?) a
new
digital certificate. I disabled my Norton 2008 Firewall during the
installation of the VeriSign certificate and received no error messages
during the installation. However, unlike in my previous installation I
receive the following error message: "Your digital ID name cannot be
found
by the underlying security system."



The VeriSign support is very disappointing. The VeriSign troubleshooting
requires one to export the private key from within Internet Explorer and
then importing it again. However, when attempting to export the private
key,
the box is grayed out and a note indicates that "The associated private
key
can not be found. Only the certificate can be exported."



I am using Win XP, IE 7.0.5730.11, Outlook 2003 SP3



Any suggestions on how to resolve the problem?



Thanks

Neo, thanks for your reply. However, VeriSign never sent any files, .PFX or
otherwise. I just received an email from Verisign providing a "digital id
pin number" along with a link. Once I clicked on the link, I was prompted
for my "digital id pin number" and other information. The installation of
the certificate occurred automatically. Because I don't have a .PFX file I
can not do what you suggest.

I've had several digital id's in the past on this same computer. Is it
possible that something is corrupted?



"neo [mvp outlook]" wrote in message
...
What i would do is this...

Uninstall the personal certificate you have now. You should be able to
access it via IE's Internet Options Content tab Certificates
Personal tab. Once you have it removed, close the dialog box and then
install one of the .PFX files Verisign sent you. Go back to IE's Internet
Options Content tab Certificates Personal tab and double click on
the certificate. Down near the bottom will show the issued to, from,
valid dates, and whether or not it has the private key. If the text "You
have a private key that corresponds to this certificate" is missing, then
uninstall and try the other .PFX file.

If neither contains that blurb, you will need to let Verisign know that
both files sent are missing the private key.


"Jorge Ramos" wrote in message
...
Yes, I do. I have the Verisign email with a long string of characters
which are used to retrieve and activate the certificate.

A little earlier I received email from VeriSign indicating that the
certificate might be corrupt. They asked me to replace the certificate
(free of charge). I did replace it and now I have two certificates, none
of which works. I now have two certificates which appear identical. Not
knowing which of the two to select in configuring Outlook, I first
selected the one on the top. I then tested to see if I could send
digitally signed emails. Because I could not send digitally signed emails
I tried again to configure Outlook using the second certificate (at the
bottom). Again, I then tested to see if I could send digitally signed
emails and I could not. I still receive the message "Your digital ID name
cannot be found by the underlying security system.". I then went to
Internet Explorer to try to export the certificate to then attempt to
import it again. Since I could not identify which of the two certificates
is the most recent or valid, I attempted to export both certificates. In
both instances, when attempting to export the private key, the box is
grayed out and a note indicates that "The associated private key can not
be found. Only the certificate can be exported."

Am I required to take any other steps with the certificate or with the
configuration?

Thanks!






"neo [mvp outlook]" wrote in message
...
Do you still have the original e-mail from Verisign that contains your
certificate?

/neo

ps - the error you see is expected because the certificate key store
doesn't contain the private key for said certificate

"Jorge Ramos" wrote in message
...
Hello All,



I apologize in advance for the cross posting, but it occurs to me that
perhaps this is the NG where originally I should have posted my
question.
Instead, I posted it on microsoft.public.security.



My Class 1 Verisign Digital ID expired and I purchased (or renewed?) a
new
digital certificate. I disabled my Norton 2008 Firewall during the
installation of the VeriSign certificate and received no error messages
during the installation. However, unlike in my previous installation I
receive the following error message: "Your digital ID name cannot be
found
by the underlying security system."



The VeriSign support is very disappointing. The VeriSign
troubleshooting
requires one to export the private key from within Internet Explorer
and
then importing it again. However, when attempting to export the private
key,
the box is grayed out and a note indicates that "The associated private
key
can not be found. Only the certificate can be exported."



I am using Win XP, IE 7.0.5730.11, Outlook 2003 SP3



Any suggestions on how to resolve the problem?



Thanks

On your machine, doubt it because if you don't have the private key, then
you are stuck. Is the verisign link/pin still active where you can download
the certificate as many times as you need to?

"Jorge Ramos" wrote in message
...
Neo, thanks for your reply. However, VeriSign never sent any files, .PFX
or otherwise. I just received an email from Verisign providing a "digital
id pin number" along with a link. Once I clicked on the link, I was
prompted for my "digital id pin number" and other information. The
installation of the certificate occurred automatically. Because I don't
have a .PFX file I can not do what you suggest.

I've had several digital id's in the past on this same computer. Is it
possible that something is corrupted?



"neo [mvp outlook]" wrote in message
...
What i would do is this...

Uninstall the personal certificate you have now. You should be able to
access it via IE's Internet Options Content tab Certificates
Personal tab. Once you have it removed, close the dialog box and then
install one of the .PFX files Verisign sent you. Go back to IE's
Internet Options Content tab Certificates Personal tab and double
click on the certificate. Down near the bottom will show the issued to,
from, valid dates, and whether or not it has the private key. If the
text "You have a private key that corresponds to this certificate" is
missing, then uninstall and try the other .PFX file.

If neither contains that blurb, you will need to let Verisign know that
both files sent are missing the private key.


"Jorge Ramos" wrote in message
...
Yes, I do. I have the Verisign email with a long string of characters
which are used to retrieve and activate the certificate.

A little earlier I received email from VeriSign indicating that the
certificate might be corrupt. They asked me to replace the certificate
(free of charge). I did replace it and now I have two certificates, none
of which works. I now have two certificates which appear identical. Not
knowing which of the two to select in configuring Outlook, I first
selected the one on the top. I then tested to see if I could send
digitally signed emails. Because I could not send digitally signed
emails I tried again to configure Outlook using the second certificate
(at the bottom). Again, I then tested to see if I could send digitally
signed emails and I could not. I still receive the message "Your digital
ID name cannot be found by the underlying security system.". I then went
to Internet Explorer to try to export the certificate to then attempt to
import it again. Since I could not identify which of the two
certificates is the most recent or valid, I attempted to export both
certificates. In both instances, when attempting to export the private
key, the box is grayed out and a note indicates that "The associated
private key can not be found. Only the certificate can be exported."

Am I required to take any other steps with the certificate or with the
configuration?

Thanks!






"neo [mvp outlook]" wrote in message
...
Do you still have the original e-mail from Verisign that contains your
certificate?

/neo

ps - the error you see is expected because the certificate key store
doesn't contain the private key for said certificate

"Jorge Ramos" wrote in message
...
Hello All,



I apologize in advance for the cross posting, but it occurs to me that
perhaps this is the NG where originally I should have posted my
question.
Instead, I posted it on microsoft.public.security.



My Class 1 Verisign Digital ID expired and I purchased (or renewed?) a
new
digital certificate. I disabled my Norton 2008 Firewall during the
installation of the VeriSign certificate and received no error
messages
during the installation. However, unlike in my previous installation I
receive the following error message: "Your digital ID name cannot be
found
by the underlying security system."



The VeriSign support is very disappointing. The VeriSign
troubleshooting
requires one to export the private key from within Internet Explorer
and
then importing it again. However, when attempting to export the
private key,
the box is grayed out and a note indicates that "The associated
private key
can not be found. Only the certificate can be exported."



I am using Win XP, IE 7.0.5730.11, Outlook 2003 SP3



Any suggestions on how to resolve the problem?



Thanks

Jorge Ramos wrote:

Neo, thanks for your reply. However, VeriSign never sent any files,
.PFX or otherwise. I just received an email from Verisign providing a
"digital id pin number" along with a link. Once I clicked on the
link, I was prompted for my "digital id pin number" and other
information. The installation of the certificate occurred
automatically. Because I don't have a .PFX file I can not do what you
suggest.

That's how VeriSign's managed PKI system works. I suspect you do not have a
private key recovery feature, either.

I've had several digital id's in the past on this same computer. Is it
possible that something is corrupted?

Not likely. Open IE and visit the dialogue Neo mentions. Select the
certificate and choose Export. The Export wizard will start. Click Next.
In the next page of the dialogue, you should see two radio buttons, one
labeled "Yes, export the private key" and the other labeled "No, do not
export the provate key". WHile the second one will be selected, the first
should be active so that you can select it. If it's not active, then you
certificate is damaged and does not have a private key. It's time to call
VeriSign.

If the "Yes" button is active, select it and click Next. The "Personal
Information Exchange" button should be selected, and the "Enable strong
encryption" bax checked. Click Next. Choose a password for the private key
and click Next.Browse to a folder where you want to save the exported
certificate, give it a name that's meaningful, and click Save, then Next,
then Finish. You should now have a PFX file containing your certificate and
its keys that you can reinstall if something happens to the PC. Keep a
couple of copies of thie file, one on the PC and one off, like on a flash
drive.
--
Brian Tillman [MVP-Outlook]

Jorge Ramos wrote:

A little earlier I received email from VeriSign indicating that the
certificate might be corrupt. They asked me to replace the
certificate (free of charge). I did replace it and now I have two
certificates, none of which works. I now have two certificates which
appear identical. Not knowing which of the two to select in
configuring Outlook, I first selected the one on the top. I then
tested to see if I could send digitally signed emails. Because I
could not send digitally signed emails I tried again to configure
Outlook using the second certificate (at the bottom). Again, I then
tested to see if I could send digitally signed emails and I could
not. I still receive the message "Your digital ID name cannot be
found by the underlying security system.". I then went to Internet
Explorer to try to export the certificate to then attempt to import
it again. Since I could not identify which of the two certificates is
the most recent or valid, I attempted to export both certificates. In
both instances, when attempting to export the private key, the box is
grayed out and a note indicates that "The associated private key can
not be found. Only the certificate can be exported."

If this were to happen to me, since it's a paid service, I'd be calling
VeriSign.
--
Brian Tillman [MVP-Outlook]

I have exactly the same problem.
Verisign has repeatedly told me to install firefox browser, reinstall the
digital ID, export the ID, then import it into MSIE.
My registry gets bloated enough without installing software to work around
another piece of software.
I'd like to know if anyone found a ID company works with MSIE 7.

"Brian Tillman" wrote:

Jorge Ramos wrote:

A little earlier I received email from VeriSign indicating that the
certificate might be corrupt. They asked me to replace the
certificate (free of charge). I did replace it and now I have two
certificates, none of which works. I now have two certificates which
appear identical. Not knowing which of the two to select in
configuring Outlook, I first selected the one on the top. I then
tested to see if I could send digitally signed emails. Because I
could not send digitally signed emails I tried again to configure
Outlook using the second certificate (at the bottom). Again, I then
tested to see if I could send digitally signed emails and I could
not. I still receive the message "Your digital ID name cannot be
found by the underlying security system.". I then went to Internet
Explorer to try to export the certificate to then attempt to import
it again. Since I could not identify which of the two certificates is
the most recent or valid, I attempted to export both certificates. In
both instances, when attempting to export the private key, the box is
grayed out and a note indicates that "The associated private key can
not be found. Only the certificate can be exported."

If this were to happen to me, since it's a paid service, I'd be calling
VeriSign.
--
Brian Tillman [MVP-Outlook]

I've never had problems with thawte's personal e-mail certificates. Other
than that, I am really surprised that Verisign is being as difficult as they
are, but maybe they have different support tiers when it comes to companies
getting certificates for web servers vs. personal certificates.


"Denizen" wrote in message
...
I have exactly the same problem.
Verisign has repeatedly told me to install firefox browser, reinstall the
digital ID, export the ID, then import it into MSIE.
My registry gets bloated enough without installing software to work around
another piece of software.
I'd like to know if anyone found a ID company works with MSIE 7.

"Brian Tillman" wrote:

Jorge Ramos wrote:

A little earlier I received email from VeriSign indicating that the
certificate might be corrupt. They asked me to replace the
certificate (free of charge). I did replace it and now I have two
certificates, none of which works. I now have two certificates which
appear identical. Not knowing which of the two to select in
configuring Outlook, I first selected the one on the top. I then
tested to see if I could send digitally signed emails. Because I
could not send digitally signed emails I tried again to configure
Outlook using the second certificate (at the bottom). Again, I then
tested to see if I could send digitally signed emails and I could
not. I still receive the message "Your digital ID name cannot be
found by the underlying security system.". I then went to Internet
Explorer to try to export the certificate to then attempt to import
it again. Since I could not identify which of the two certificates is
the most recent or valid, I attempted to export both certificates. In
both instances, when attempting to export the private key, the box is
grayed out and a note indicates that "The associated private key can
not be found. Only the certificate can be exported."

If this were to happen to me, since it's a paid service, I'd be calling
VeriSign.
--
Brian Tillman [MVP-Outlook]