BUG REPORT: X-509 certificate can't be used for S/MIME encryption.


Article ID: 158178


Updated On:


Desktop Email Encryption Encryption Management Server


Unable to send encrypted e-mails to S/MIME certificate using Symantec Encryption Desktop and Symantec Encryption Management Server.


Following error can be seen in log:

"E-Mail  Info MAPI Proxy: Rejecting key "test.de <[email protected]>" (KeyID: 0x811084CB) because it has no valid certificate for S/MIME encryption"


Certificate contains keyEncipherment flag only (Key Usage flag displayed as "Key Encipherment" when viewing certificate details on Windows OS).


This issue is fixed in the following release:

  • Symantec Encryption Desktop 10.3.2 MP1 (Build 15337) and above

For a full list of resolved issues in Symantec Encryption Desktop 10.3.2 including all Maintenance Packs (MP) please check http://www.symantec.com/docs/TECH166098

This version/Maintenance Pack is available for download via your account on Symantec File Connect - https://fileconnect.symantec.com

Applies To

Symantec Encryption Management Server (SEMS)  3.3.x

PGP Universal Server 3.2.x

Symantec Encryption Desktop (SED) 10.3.x

PGP Desktop 10.2.x