Re: Root Certificate

I checked out our issuer's certificate and the common name listed in the
Subject Name and Issuer Name is different and we don't have Subject
Alternative Name.

Is it the fact that the common name is different why I am experiencing these
problems?

Is there anything I can do on the client end to fix this? My IT dept. is
swamped and they promised to look at it but couldn't guarantee a fix.

Are the updates to Entourage to fix some of these issues coming in an update
or a whole new release?

On 1/24/06 12:57 AM, in article BFFB8043.14F09E%chrisridd@xxxxxxx, "Chris
Ridd" <chrisridd@xxxxxxx> wrote:

> On 24/1/06 2:19, in article BFFACEC7.945AC%nathanh@xxxxxxxxxxxxxxxxxxxx,
> "Nathan Herring [MSFT]" <nathanh@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>> More specifically, the rules are that:
>> 1) You must match the common name in the subject name <OR> you must match a
>> FQDN or IP address found in a subject alternative name extension.
>> 2) If you have a critical Extended Key Usage ( 2 5 29 37 ) extension, then
>> it must list Server Authentication ( 1 3 6 1 5 5 7 3 1 ) as one of its
>> purposes.
>>
>> Given that, we don't have support for comparing IP addresses in subject
>> alternative names. (Yet.) We also have some issues about reporting what kind
>
> I thought the job of comparing the name the user entered to connect to with
> the name in the server's cert was the job of Apple's security framework?
> Apple's tpPolicies.cpp seems to have all this functionality...
>
> <http://darwinsource.opendarwin.org/10.4.4.ppc/libsecurity_apple_x509_tp-248
> 18/lib/tpPolicies.cpp>
>
> (It looks broadly similar to the code in 10.3.)
>
>> I highly suggest taking up the issue with your IT administrator. They should
>> be issuing correct certificates. They can use the "*.foo.com" syntax to be
>> able to match all the hosts in the foo.com domain (though not "a.b.foo.com",
>> for which it would need "*.*.foo.com").
>
> You're right - working around the error shouldn't be necessary.
>
> But experience suggests that an "IT admin" thinks it works with Windows
> clients they won't be keen to do anything to make it work with anything else
> :-(
>
> Cheers,
>
> Chris
>


.

Relevant Pages

  • Re: Root Certificate
    ... > Is it the fact that the common name is different why I am experiencing these ... > swamped and they promised to look at it but couldn't guarantee a fix. ... > Are the updates to Entourage to fix some of these issues coming in an update ...
    (microsoft.public.mac.office.entourage)
  • Re: Win Update Alert - OK - Disappears til later
    ... There's something like a billion people in the developed part of the world, let's figure one relatively modern computer per ten people, half of which run Windows and have WGA installed; that's 50 million WGA installations. ... No sense in putting off the security updates. ... Is this common and / or is their a fix for this? ... It's common and no fix has been made available that I know of. ...
    (microsoft.public.windowsupdate)
  • Re: Windows XP takes a long time to close
    ... there a simple fix or is this common with updates? ... Mae West ...
    (microsoft.public.windowsxp.newusers)
  • Re: Root Certificate
    ... >> Is it the fact that the common name is different why I am experiencing these ... >> swamped and they promised to look at it but couldn't guarantee a fix. ... >> Are the updates to Entourage to fix some of these issues coming in an update ... the common names of the certificate do not match and neither ...
    (microsoft.public.mac.office.entourage)
  • Re: Vista updates have stopped
    ... updates took place ok on both machines. ... I went into the hospital over a month ago for surgery, ... Why is this and how do I fix it? ... That should be pretty easy to confirm by simply comparing the updates on the ...
    (microsoft.public.windows.vista.general)