Re: SSL POP3 works only locally if cert name is used

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

hi

yes there is a way to export the certificate and install it on the client
machine.
proceed as follows:

On the SERVER:
1- open Internet Explorer, click Tools -> Internet Options
2- Move to the "Content" tab. On that tab, click the button that says
"Certificates". This will pop up a new window.
3- On the new window move to the 4th tab (the one that says something like
"Root Certificate..."... I don't the exact translation as my IE is in
Portuguese).
4- On that tab you have a list of certificates. Your public certificate
(self signed) should be listed there. The name should be same as your
EXTERNAL address (the addres the external users use when accessing the
server).
5- Choose that certificate and then click "Export". It will export the
Public Key of your certificate. Safe that file and then send it/distribute
it to the clients.

When the clients receive the file (for example in their email), they must
then install the file in Trusted Root Certificates Store.
On the client computer, repeat steps 1 to 3.
After performing step 3, do as follows:
- Click Import
- Select the the certificate file that you have exported from the server
- Confirm changes

After that the users should no longer see the certificate warning when using
Outlook.

hope this can help
Pedro R.


"Juha" <Juha@xxxxxxxxxxxxxxxxxxxxxxxxx> escreveu na mensagem
news:E7DE204D-D0FC-4803-9F26-0BE542198898@xxxxxxxxxxxxxxxx
Hi Pedro and thanks your reply

First. Clients works now almost perfectly. In the end of the mail is one
question related certificate installing into Outlook Client Computer.

1. The public address is 83.150.92.x which is NATted in the HW FW to
192.168.x.y.
2. Server local address is 192.168.x.y
3. Outlook clients are separated all over the country and are not joined
into domain. So they have only Internet access.
4. If I place in the Outlook Client¨s settings the Incoming mail server:
mail.domainname.fi
the client doesn't receive mails. It works only if I place in incoming
server public IP: 83.150.92.x. HOLD ON, THIS WORKS NOW. I tested this in a
email domain that was not probly configured by ISP. #4 is working now.

Still. I don't know how to install the certificate into non domain
(Internet) Outlook Clients. Currently when eg. Outlook Express is started
the
user gets an Internet Security warning:

"The server you are connected to is using a security certificate that
could
not be verified.

A certificate chain processed, but terminated in a root certificate which
is
not trusted by the trust provider.

Do yoy want to continue using this server?"

If I press Yes everything works fine. What can I do to get rid of this
warning message? Suppose that is, some how to export my server's
certificate
to Intenet Outlook Clients.

Juha

===============

"Pedro CR" wrote:

I am confused about the certificates you use. Please clarify

1) What is the public addres? The one we must type when we are on the
Internet and want to access the server?

2) What is the private address of the server? The one we use to access
the
server internally?

3) Where are the Outlook clients located? In the internal network or the
exterior, on the Internet?

4) What doesn't work? When you access Outlook using the certificate for
address 1 or for address 2?

Pedro.


"Juha" <Juha@xxxxxxxxxxxxxxxxxxxxxxxxx> escreveu na mensagem
news:421D52C8-4344-49BA-8C2E-FB90CB21D944@xxxxxxxxxxxxxxxx
Hi

Have installed SSL POP3 in 2003 sbs std. with one nic. Forfarded in HW
FW
these ports to servers local IP:

25 smtp (traditional Exchange works fine)
443 SSL (Owa works fine allready)
995 SSL POP3
993 SSL IMAP (to release after POP3 works)

ISP has pointed A-record mail.domainname.fi to FWs public IP
Servers FQDN is somethinelse.domainname.fu
The sertificate is issued to mail.domainname.fi by mail.domainname.fi,
so
it
is self made by sbs server using CEICW.

If Outlook Client is configured to receive mail from our public IP
(incoming
mail server) it works fine (well, promts about untrusted certificate)
also
from Internet.
If Outlook Client is configured to receive mail from mail.domainname.fi
(incoming mail server) it doesn't work but locally only, not from
Internet.

1. Any ideas how I can success to use mail.domainname.fi address?
2. How can I install this certificate to client workstations. Actully
where
is the file? I have apx 25 non domain WSs around the country. Should I
send
the certificate to them burned in CD by mai?. Is it secure to send the
certificate by email?

Additionally our customer needs OMA in the future. They will use Nokia
phones for that. Anything special keep in mind.

Thanks, in advantage

Juha






.

Quantcast