Required Certificate Authority

This policy setting enables you to designate a required certificate authority for Outlook to use for encryption and digital signatures.

If you enable this policy setting, you can specify a required certificate authority by entering an X.509 distinguished name in the text field that is provided. The name must conform to the X.509 certificate format exactly. For example:

CN=WoodgroveBankCA, DC=WoodgroveBank, DC=com

If you disable or do not configure this policy setting, Outlook trusts any certificate authorities that are represented by certificates in the Trusted Root Certification Authorities store on users' computers.

Supported on: At least Windows 7

X.509 issue DN that restricts choice of certifying authorities:

Registry Pathsoftware\policies\microsoft\office\16.0\outlook\security
Value Namerequiredca
Value TypeREG_SZ
Default Value


Administrative Templates (Computers)

Administrative Templates (Users)