Novartis Associates' FAQ

  • New workstation or new e-mail address?

    Once you have received a new workstation (or got it re-staged) or you are using a new e-mail address, you have to follow the whole registration procedure again. See 'Getting started'.

  • 'Invalid Certificate' error message (while trying to reply to a digitally signed email)

    When you try to reply to an email and the error message Invalid Certificate is displayed (see image above), you do  not have your Secure Mail certificate installed. As a quick workaround you can select Change Security Settings... and un-check the Add digital signature to this message box.

    In order to solve the general problem you need to install your personal Secure Mail certificate. Please refer to  getting started.

  • 'Encryption Problems' error message (while trying to send an encrypted email)

    When you try to send an encrypted email and the error message Encryption
    is displayed (see image above), the recipients Email address may be
    wrongly cached or your Outlook client lacks of correct settings.

    To solve the issue you need to first delete wrongly cached email addresses, start
    typing the desired email address and before pressing enter, click on the cross of the popup as shown in the figure below.

    This should solve the issue, if it did not please renew your LDAP settings by following this instructions below.

    1. Open your Account settings in Outlook
     • File/Account Settings/Account Settings.../Address Books
    2. Delete the existing Secure Mail LDAP directory in Outlook
    3. Create new LDAP entry by selecting New...
     • enter Server Name: securemail.novartis.intra
     · select More Settings …
     · Under Search tab enter following value on Search Base, Custom: cn=admin,dc=novartis,dc=com and close window with OK.  

     • Select Next >, Finish
    4. Restart Outlook


  • 'Your digital ID name cannot be found' error message (while opening an encrypted email)

    You are usually getting this error when your workstation lacks your personel Secure Mail encryption certificate. This might happen if you have received a new workstation (or got it re-staged) or you have received a new e-mail address.

    Please follow the whole registration procedure once again. See 'Getting started'.

  • My PIN has expired / PIN not visible after login - How can I get a new PIN?

     The link in the email with your certificate attached ('.pfx') is only valid for 30 days. Once 30 days exceeded, you will need to start the registration process again as described on the 'Getting started' page.


  • How to send Secure E-mails using Outlook

    1. Open a new email.
    2. Select Encrypt and Sign


    - You need to be online to use the Secure Mail service. If you want to send secure emails written offline, save the email in the “Drafts” folder and send it securely as soon as you have access to the network. Encrypted e-mails can be read offline.
    - If the "Encrypt" and "Sign" buttons are not available in the Outlook toolbar your certificate is most probably not installed correctly. If a restart of Outlook doesn't help, you will need to follow the whole registration procedure again. See 'Getting started'.

  • Can secured e-mails be archived?

    Secured e-mails underlay the same archiving policies as other e-mails.

  • I forgot/lost my password for Secure Mail. What can I do?

    Secure Mail uses your windows credentials (5-2-1 unique ID and password). In order to reset it please contact your local IT Service Desk.

  • Sign and Encrypt buttons are missing in Outlook

     A common reason for missing buttons in Outlook is, that the certificate is not registered/installed properly. If a restart of Outlook doesn't help, you will need to follow the whole registration procedure again. See 'Getting started'.


  • How can I enable our generic mailbox to use Secure Mail?

     Generic mailboxes are supported in general. To get the necessary information please ask the mailbox owner to contact


  • How to send the one-time-password as SMS from Outlook

    Please be aware that the SMS service does not offer encryption. However, using this service gives you the opportunity to transfer information over an alternate channel and security requirements can still be met because of that. You can use this SMS service for transmission of the Secure Mail One-Time-Password.

    As a first step, enter the SMS recipient's phone number into the to: field with the addition of the domain as shown in the screenshot below. The actual message needs to be entered in the Subject: field. For the final step simply click on Send.


If you can't find and solve the issue you are looking for please contact your local IT Service Desk. If this didn't help you can send an email with a specific error description and steps to reproduce to