This policy setting enables you to designate a required certificate authority for Outlook to use for encryption and digital signatures.
If you enable this policy setting, you can specify a required certificate authority by entering an X.509 distinguished name in the text field that is provided. The name must conform to the X.509 certificate format exactly. For example:
CN=WoodgroveBankCA, DC=WoodgroveBank, DC=com
If you disable or do not configure this policy setting, Outlook trusts any certificate authorities that are represented by certificates in the Trusted Root Certification Authorities store on users' computers.