Re: Root Cert Errors on Tiger with SP2




No solution here, just wanted to add my voice to this issue. I too have
followed instructions from themachelpdesk.com and elsewhere all to no avail.
I was hoping SP2 would address this issue but it doesn't appear to be
the case. My root certificate works flawlessly with every other mail client
on my machine so it appears to be a problem isolated to Entourage.

Pete

On 9/21/05 11:31 AM, in article
1127316665.179645.272700@xxxxxxxxxxxxxxxxxxxxxxxxxxxx, "Pete Shaw"
<kiwipeteshaw@xxxxxxxxx> wrote:

> I wanted to wait till after SP2 (thank you to the Microsoft BU for the
> other improvements to Entourage) was released to see if there was any
> change in behaviour - as the symptoms below affect both SP1 & SP2 of
> Office 2004 - I have reviewed all the postings I could see but none of
> the info has solved the problem for me.
> --
> I have been wrestling with getting some certs to work properly in our
> Exchange DEV environment,
> We have servername.region.dev.domain.tld cert, referencing an
> intermediate authority referencing the root CA cert. (Just for
> background we have our own CA, various intermediate authorities and every
> staff member has a personal cert).
>
> I am having certificate errors despite having the appropriate
> intermediate cert (in Microsoft_Intermediate_Certificates) & root cert
> being in the x509 anchors (with flags set to always trust)? I can
> connect and communicate over SSL but I am trying to negate the 'unable
> to establish a secure connection to server.xx.xxx.tld because the
> correct root certificate is not installed' messages. All certs show as
> valid.
>
> I can connect to the same server through OWA with no errors and to
> other web based resources that require a personal cert (signed by the
> same intermediate CA as the server cert). However, if I connect through
> Entourage I still get unable to verify root dialog (even though it will
> connect and send/receive through SSL fine). (Note I am using FQDN in
> every instance)
>
> If I:
>
> sudo openssl s_client -connect servername.region.dev.domain.tld:443 -CApath ~/Desktop/certs
>
> it works fine (as long as I rehash the certs folder after copying
> intermediate and root to that location). If I don't specify the -CApath
> I can connect but get 'depth=1 /O=rootCA.com/OU=intermediateCA3verify
> error:num=20:unable to get local issuer certificate' - I'm presuming
> that OpenSSL isn't keychain aware and that is normal behaviour.
>
> I also have tried installing the certs (anchors and intermediate etc.)
> and even tried adding through the Microsoft cert manager using the root
> cert installation procedure at:
> http://www.themachelpdesk.com/modules.php?op=modload&name=News&file=index&catid=&topic=19
>
> & also http://support.microsoft.com/default.aspx?scid=kb;en-us;887413
>
> Also installing through different cert formats (our CA provides pem,
> cacert, & der) + converting certs to different formats by
> importing/exporting through keychain but to no joy. Also trying
> installing as a local admin & root (just in case).
>
> I'm on OS X 10.4.2 using Entourage 2004 (latest patches) to Exchange
> 2003 & have also used the keychain certificate assistant which I can
> get to show everything as valid. All certs have a valid status in the
> keychain cert viewer, and making sure I don't have duplicates when I
> have been trying different combinations.
>
> The other relevant info is that this is an OWA frontend server - I am
> in the process of sorting a cert for the backend server to try that
> although was not expecting to need this (as the web browser doesn't).
> The other thing I wanted to note is that when we exported the server cert
> from the 2003 box (to a pfx, as per machelpdesk instructions),
> when importing, the private key's name appears to be the key (whereas
> other private keys' names are more descriptive, i.e. Petes rootCA.com
> Private key) with the key hidden - I was not sure if this should be
> expected behaviour.
>
> Any ideas?
>
> cheers
>
> Pete
>
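
The `-CApath` behaviour described in the quoted post, reproduced as an added example that is not part of the original thread: OpenSSL finds an issuer in a directory only under its `<subject-hash>.0` name, so an un-rehashed folder gives error 20 at depth 1. The chain, its subject names and all file names are constructed placeholders; `check_chain` and `rehash_dir` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed chain: root CA -> intermediate CA -> server cert (placeholder names).
build_chain() {
  d=$1; mkdir -p "$d/certs"
  # Minimal config: empty DN section (subjects come from -subj) plus a CA extension block.
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/o.cnf"
  # Self-signed root CA
  openssl req -x509 -config "$d/o.cnf" -extensions ca -newkey rsa:2048 -nodes -days 2 \
    -subj "/O=Example Root CA" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  # Intermediate CA signed by the root
  openssl req -new -config "$d/o.cnf" -newkey rsa:2048 -nodes \
    -subj "/O=Example Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -set_serial 2 \
    -days 2 -extfile "$d/o.cnf" -extensions ca -out "$d/int.pem" 2>/dev/null
  # Server certificate signed by the intermediate
  openssl req -new -config "$d/o.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=servername.example.test" -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  openssl x509 -req -in "$d/srv.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -set_serial 3 \
    -days 2 -out "$d/srv.pem" 2>/dev/null
}

# Verify the server cert as a client would: the intermediate is supplied by the
# peer (-untrusted); the root is looked up only in the directory given to -CApath.
check_chain() {
  openssl verify -CApath "$1/certs" -untrusted "$1/int.pem" "$1/srv.pem" 2>&1
}

# What "rehashing" amounts to: publish each PEM under <subject-hash>.0, the only
# file name the directory lookup tries. (c_rehash creates symlinks; a copy is used
# here so the example also works on filesystems without symlink support.)
rehash_dir() {
  for f in "$1"/*.pem; do
    h=$(openssl x509 -hash -noout -in "$f") || continue
    cp "$f" "$1/$h.0"
  done
}

# Usage: build_chain /tmp/demo; cp /tmp/demo/root.pem /tmp/demo/certs/
#        check_chain /tmp/demo      (fails: root present but not hashed)
#        rehash_dir /tmp/demo/certs; check_chain /tmp/demo   (succeeds)
```

None of this touches the OS X keychain, so it only explains the `s_client` results in the post, not Entourage's own trust evaluation.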
