Required Certificate Authority
Supported on: At least Windows Server 2008 R2 or Windows 7
Registry
HKCU
software\policies\microsoft\office\16.0\outlook\security Options
requiredca text Description
This policy setting enables you to designate a required certificate authority for Outlook to use for encryption and digital signatures. If you enable this policy setting, you can specify a required certificate authority by entering an X.509 distinguished name in the text field that is provided. The name must conform to the X.509 certificate format exactly. For example: CN=WoodgroveBankCA, DC=WoodgroveBank, DC=com If you disable or do not configure this policy setting, Outlook trusts any certificate authorities that are represented by certificates in the Trusted Root Certification Authorities store on users' computers.