Re: Root Certificate

I checked out our issuer's certificate and the common name listed in the
Subject Name and Issuer Name is different and we don't have Subject
Alternative Name.

Is it the fact that the common name is different why I am experiencing these
problems?

Is there anything I can do on the client end to fix this? My IT dept. is
swamped and they promised to look at it but couldn't guarantee a fix.

Are the updates to Entourage to fix some of these issues coming in an update
or a whole new release?

On 1/24/06 12:57 AM, in article BFFB8043.14F09E%chrisridd@xxxxxxx, "Chris
Ridd" <chrisridd@xxxxxxx> wrote:

> On 24/1/06 2:19, in article BFFACEC7.945AC%nathanh@xxxxxxxxxxxxxxxxxxxx,
> "Nathan Herring [MSFT]" <nathanh@xxxxxxxxxxxxxxxxxxxx> wrote:
>
>> More specifically, the rules are that:
>> 1) You must match the common name in the subject name <OR> you must match a
>> FQDN or IP address found in a subject alternative name extension.
>> 2) If you have a critical Extended Key Usage ( 2 5 29 37 ) extension, then
>> it must list Server Authentication ( 1 3 6 1 5 5 7 3 1 ) as one of its
>> purposes.
>>
>> Given that, we don't have support for comparing IP addresses in subject
>> alternative names. (Yet.) We also have some issues about reporting what kind
>
> I thought the job of comparing the name the user entered to connect to with
> the name in the server's cert was the job of Apple's security framework?
> Apple's tpPolicies.cpp seems to have all this functionality...
>
> <http://darwinsource.opendarwin.org/10.4.4.ppc/libsecurity_apple_x509_tp-248
> 18/lib/tpPolicies.cpp>
>
> (It looks broadly similar to the code in 10.3.)
>
>> I highly suggest taking up the issue with your IT administrator. They should
>> be issuing correct certificates. They can use the "*.foo.com" syntax to be
>> able to match all the hosts in the foo.com domain (though not "a.b.foo.com",
>> for which it would need "*.*.foo.com").
>
> You're right - working around the error shouldn't be necessary.
>
> But experience suggests that an "IT admin" thinks it works with Windows
> clients they won't be keen to do anything to make it work with anything else
> :-(
>
> Cheers,
>
> Chris
>


.

Relevant Pages

  • Re: Root Certificate
    ... > Is it the fact that the common name is different why I am experiencing these ... > swamped and they promised to look at it but couldn't guarantee a fix. ... > Are the updates to Entourage to fix some of these issues coming in an update ...
    (microsoft.public.mac.office.entourage)
  • Re: Windows XP takes a long time to close
    ... there a simple fix or is this common with updates? ... Mae West ...
    (microsoft.public.windowsxp.newusers)
  • Re: Root Certificate
    ... >> Is it the fact that the common name is different why I am experiencing these ... >> swamped and they promised to look at it but couldn't guarantee a fix. ... >> Are the updates to Entourage to fix some of these issues coming in an update ... the common names of the certificate do not match and neither ...
    (microsoft.public.mac.office.entourage)
  • Re: Word lost dictionary after minor OS update to 10.4.11
    ... I wouldn't call it "common". ... And there is a fix on the way: ... Coincidently Entourage lost my settings and e-mail account info. ... Maybe other Office components lost prefs & settings as well? ...
    (microsoft.public.mac.office.word)
  • Re: Word 2007
    ... seems to be common among purchasers of Office Student and Home 2007, ... encountering this problem can find out how to fix it, ... My Office 2007 installation will not use its spell checker at all...and I ...
    (microsoft.public.office.misc)