Suppress certificate email check
The Email+ app can now suppress the verification of certificates using email address in case of email address or domain mismatch. To enable this feature add the smime_suppress_certificate_email_check value to the Optional features restriction. When the Email+ app receives an email signed with a certificate, where the email address or domain differs from the sender's emails address, the Email+ app associates the certificate with the sender's email address, so that the Email+ app can use the certificate when sending encrypted emails to the sender.
The Email+ app adds an encryption certificate when a signed email is sent. The encryption certificate is automatically saved and associated to the certificate if the certificate in the email is different than the sender's email. The user can also add the certificate manually using the Add from Keystore or Add from Global Address List options.
If email in the SMIME certificate doesn't correspond to email of the Exchange user, then this certificate cannot be retrieved by server when we search GAL.
Currently with SMIME implementation, when Email+ tries to encrypt an email it first checks for the certificate in local cache and if the certificate is not available then Email+ tries to download available certificate from GAL.
New 'Recipient certificates' option appears in Compose email screen. Tap 'Recipient certificates' option to view the list of recipients with associated certificates. User can also add and delete certificates on this screen.
The receiver should save the encryption certificate and make association for the certificate if the certificate in the email is different than the sender's email.