Hi @Roman Malyar
Based on the information you provided, I understand that your client uses Microsoft 365 and Exchange Online, and 4 out of 10 clients cannot recognize the imported S/MIME certificate for a shared mailbox, while it works perfectly fine on the other 6 clients.
Please note that this is a user-to-user support forum. Moderators and contributors, including external Microsoft employees, cannot directly intervene in Microsoft product features or access back-end systems. Our role is limited to providing technical guidance on reported issues, requests, or ideas.
Because I currently do not have specialized tools to view your environment, I can only provide some directions for you to test:
Step 1: Deep Clean the Cached Certificate
On the machines experiencing the error, completely delete the imported certificate, ensuring the private key is removed as well. Once deleted, restart the PC immediately. This is necessary to clear out any lingering, corrupted references that might be stuck in the Windows CryptoAPI cache.
Step 2: Export a Fresh Copy from a Working Machine
Instead of using the original certificate file, let's pull a known-good configuration.
- Go to one of the 6 PCs where the signature is working perfectly.
- Find the S/MIME certificate, right-click it, and select All Tasks > Export.
- Choose Yes, export the private key and select the Personal Information Exchange – PKCS #12 (.PFX) format.
- Save the file and transfer it to the failing machine.
Step 3: Clean Import Process
- On the failing machine, double-click the newly transferred `.pfx` file.
- Select Store Location: Current User and ensure it is placed in the Personal store.
- Enter the password.
- Crucial step: Ensure that "Enable strong private key protection" is UNCHECKED (do not turn this on).
- Complete the import wizard and restart the PC (or at least completely kill and restart Outlook).
Step 4: Profile Rebuilds
If the fresh import does not trigger recognition, try creating a completely new Outlook profile on the failing machine. Sometimes the mail profile itself corrupts its link to the local Windows certificate store.
If the new Outlook profile still fails, the underlying issue is likely rooted deep within the local user's Windows registry or crypto store. As a final isolation step, consider creating a completely new Windows user profile on that specific PC, setting it up fresh, and importing the certificate there.
Please let me know if you have any further information!
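A read-only check to run on one working and one failing PC after the import in Step 3, added here as an example and not part of the original answer. It lists certificates in the Current User Personal store that match a mailbox address and reports whether each has its private key, allows Secure Email use, is within its validity period, and builds a chain. The function name `Get-SmimeCertStatus` and the address are hypothetical.

```powershell
# Added example (not from the original answer): read-only audit of the
# Current User > Personal store for certificates matching a mailbox address.
function Get-SmimeCertStatus {
    param(
        [Parameter(Mandatory)][string]$MailAddress,
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )
    $secureEmailOid = '1.3.6.1.5.5.7.3.4'   # Secure Email (S/MIME) EKU
    $now = Get-Date
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::EmailName

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # E-mail address from the SAN (rfc822Name) or the subject
        $email = $cert.GetNameInfo($nameType, $false)
        if ($email -ne $MailAddress) { continue }

        # A certificate without an EKU extension is not restricted to any purpose
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $ekuOids = @(if ($ekuExt) { $ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value } })
        $ekuOk = ($ekuOids.Count -eq 0) -or ($ekuOids -contains $secureEmailOid)

        # Build the chain locally; revocation is skipped so the check works offline
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $chainOk = $chain.Build($cert)

        [pscustomobject]@{
            Thumbprint     = $cert.Thumbprint
            Email          = $email
            HasPrivateKey  = $cert.HasPrivateKey
            SecureEmailEku = $ekuOk
            InValidity     = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
            ChainBuilds    = $chainOk
        }
    }
}

# Constructed placeholder address; replace with the shared mailbox's SMTP address.
Get-SmimeCertStatus -MailAddress 'shared-mailbox@example.com' | Format-Table -AutoSize
```

An empty result on a failing PC means no certificate for that address is in the Current User Personal store, and `HasPrivateKey` = `False` means the import did not bring the private key with it. Comparing the thumbprint against a working PC confirms both machines hold the same certificate.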