Re: 'Security problem' with Entourage 2004 & digital signature

From: Chris Ridd (chrisridd_at_mac.com)
Date: 07/07/04


Date: Wed, 07 Jul 2004 13:32:24 +0100

On 7/7/04 12:32 pm, in article 27f8d01c46416$0fee7380$a501280a@phx.gbl,
"Richard Kempe" <anonymous@discussions.microsoft.com> wrote:

> Thanks for your response, Chris.
>
>>> I've checked my certificate in the Keychain and ensured that its trust
>>> settings are set to 'Always Trust', but this has made no difference at all.
>>
>> I'm not sure if those popups actually set anything persistent.
>
> Short of venturing into UNIX and editing the certificate's trust settings
> where else would one accomplish this? In any case, the settings _do_ seem to
> persist -- they don't revert to 'Use System Settings' on quitting from
> Keychain Access.

To be honest I've not played with those popups much.

>> Does importing Thawte's signing cert into your X509Anchors
>> file help at all?
>
> I wouldn't have the first clue -- either how to import the certificate, or
> whether it would help. (I'm inclined to think, however, that it may already
> have been imported.)

Unless you have the certificate that signed your cert somewhere (and maybe
it doesn't have to be in X509Anchors, see below), you can't *really* trust
it, and I could see why Entourage barfs when trying to sign your mail.

Do you have Entourage set to include your cert in the message?

I've got two mail accounts, and have a key pair for each account. The
account I'm using for news has a Thawte Freemail certificate. Using Keychain
Access.app I can see (in my login keychain) 4 certificate "items": one
"Thawte Freemail Member" which is issued to me, one "Thawte Person Freemail
Issuing CA" which is the thing that signed the first cert, and a similar
pair of certs for my other account (which uses our in-house CA.) I have two
private key "items" which I hope correspond to my two user certificates.

If you want to experiment off-list, feel free to email me. I'll sign my
reply :-)

Cheers,

Chris


