SAP Knowledge Base Article - Public

3312233 - Error Message" E-Mail could not be sent: Signing Error: S/MIME identity does not exist with logical name "xxxx@example.com""

Symptom

The error message "E-Mail could not be sent: Signing Error: S/MIME identity does not exist with logical name "xxxx@example.com" is displayed when trying to send purchase orders by e-mail through a ByDesign tenant.

Environment

SAP Business ByDesign

Reproducing the Issue

  1. Go to Purchase Requests and Orders Work Center.
  2. Go to Purchase Orders View.
  3. Select in the dropdown All Purchase Orders.
  4. In the Search field, Search the Purchase Order ID Number.
  5. Select Purchase Order ID Number.
  6. Select View All Button.
  7. Go to Output History tab.
  8. Select the Error in the Output History Status.

The error message "E-Mail could not be sent: Signing Error: S/MIME identity does not exist with logical name "xxxx@example.com"" is displayed in the Error Description section.

Cause

The Key-Pair/Certificate for the configured outgoing e-mail "xxxx@example.com" is missing.

It is possible to check in the Business ByDesign system by following the below steps:

  1. Go to Application and User Management Work center.
  2. Go to Configure S/MIME View.
  3. Select Outgoing E-mails tab.

If key pair is uploaded a green tick will be shown in the column 'Key Pair Uploaded' and details will be seen in the Certificate Details area.

Resolution

Following are the two methods available to solve this issue:

First Method: Adding key pair for the configured E-mail

  1. Go to Application and User Management Work Center.
  2. Go to Configure S/MIME View.
  3. Select the Outgoing E-mails tab.
  4. Select the button Upload Key Pair.

 Second Method: Deactivate Signing Outgoing E-Mails

  1. Go to Application and User Management Work Center.
  2. Go to Configure S/MIME View.
  3. Select the Activate S/MIME tab.
  4. Deselect the Signing Outgoing E-Mails checkbox.

Additional notes regarding Outgoing E-Mails:

Outgoing E-Mail Scenarios:

If you choose to use the SAP standard sender address DoNotReply@<system domain> a key pair (needed for decryption and signature) is automatically created and signed by the SAP Passport CA.

If you want to use a different sender address in your own domain, it is required to create a key pair outside the BYD system and upload using the first method shown above. To verify e-mail signatures sent from this address the e-mail recipients must install the corresponding CA certificate in their e-mail clients. For the SAP Passport CA, the certificate can be obtained via the Help center link below. For external key pairs the certificate can be obtained from the signing CA.

Help Portal Link: E-Mail Security

Encrypting Outgoing E-Mails:

Import S/MIME certificates for all e-mail recipients who should receive encrypted emails.

Keywords

key pair, S/MIME identity does not exist with logical name, s/mime, outgoing e-mails, encrypting outgoing e-mails, certificate, SAP Passport CA , KBA , SRD-CC-SEC , Security , SRD-CC-CI-CCS , ByD Service Control Center , How To

Product

SAP Business ByDesign all versions