Certificates

S

Steve

Hi,
Whenever I start Entourage I get a message saying "Unable to establish a
secure connection to xxx.spreydon.org.nz because the correct root certificate
is not installed".

If I click ok everything works fine but I see the message again when I
re-start Entourage.

What is the message talking about and how do I fix it?

Thanks,
Steve.
 
W

William Smith

Steve said:
Hi,
Whenever I start Entourage I get a message saying "Unable to establish a
secure connection to xxx.spreydon.org.nz because the correct root certificate
is not installed".

If I click ok everything works fine but I see the message again when I
re-start Entourage.

What is the message talking about and how do I fix it?
Click to expand...

Hi Steve!

Are you using an Exchange Server? Probably so.

Your server has a self-signed certificate but your Mac doesn't have the
server's root certificate to tell it that you trust it.

Are you connecting to a back-end or a front-end (OWA) address?

--

bill

William M. Smith, Microsoft Interop MVP - Mac/Windows
Entourage Help Page <http://entourage.mvps.org/>
Entourage Help Blog <http://blog.entourage.mvps.org/>
 
S

Steve

Hi William,

Yes I'm using Exchange. Is there some documentation somewhere that tells me
how to do this? Or can you enlighten me? Like how do I export the certificate
from Exchange, what format do I save it in, then how do I get it onto my mac?

Thanks!
Steve.
 
W

William Smith

Steve said:
Hi William,

Yes I'm using Exchange. Is there some documentation somewhere that tells me
how to do this? Or can you enlighten me? Like how do I export the certificate
from Exchange, what format do I save it in, then how do I get it onto my mac?
Click to expand...

Hi Steve!

The following instructions may not necessarily work for everyone but
they're worth trying before approaching your server admin to ask him to
export the certificate file for you.

1. Using Safari connect to your account using the Exchange Server
address you have in Entourage.

2. Locate the lock icon in the upper right corner of your window and
click it. The server's SSL certificate will appear.

3. Scroll down in the certificate until you reach the "URI" (not the
"CPS URI") item. It should be a clickable link. If so then click it to
download the "root certificate" file to your desktop.

4. Go to your desktop and double-click the root certificate file you
just downloaded. It should open the Keychain Access utility.

5. Assuming that you're using Mac OS X 10.4 (Tiger), select the
X509Anchors item from the drop down menu and install it there. At this
point you can restart Entourage and the message should no longer appear.

Hope this helps!

--

bill

William M. Smith, Microsoft Interop MVP - Mac/Windows
Entourage Help Page <http://entourage.mvps.org/>
Entourage Help Blog <http://blog.entourage.mvps.org/>
 
S

Steve

Hi William,

It all went ok to 3. When I scroll down I see 4 links with URI. The top two
in a section called "CRL Distribution Points" so I ignored those two. The 2nd
two are "Certificate Authority Information Access" clicking on the top link:
"ldap:///CN=server02,CN=AIA,CN=Public Key
Services,CN=Services,CN=Configuration... etc" did nothing, and the final
link: "http://server02.spreydon.org.nz/CertEnroll/server02.spreydon.org.nz
server02.crt" brought up another dialogue box asking what did I want to do
with the certificate, but there was no 'save to desktop' only things like
'use for email' 'use for internet' etc. I chose use for email but it has made
no change for Entourage. When I click that link again I see a message: "This
certificate is already installed as a certificate authority". Did I do
something wrong somewhere?

I'm using Leopard too.

Thanks,
Steve.
 
W

William Smith

Steve said:
Hi William,

It all went ok to 3. When I scroll down I see 4 links with URI. The top two
in a section called "CRL Distribution Points" so I ignored those two. The 2nd
two are "Certificate Authority Information Access" clicking on the top link:
"ldap:///CN=server02,CN=AIA,CN=Public Key
Services,CN=Services,CN=Configuration... etc" did nothing, and the final
link: "http://server02.spreydon.org.nz/CertEnroll/server02.spreydon.org.nz
server02.crt" brought up another dialogue box asking what did I want to do
with the certificate, but there was no 'save to desktop' only things like
'use for email' 'use for internet' etc. I chose use for email but it has made
no change for Entourage. When I click that link again I see a message: "This
certificate is already installed as a certificate authority". Did I do
something wrong somewhere?
Click to expand...

Hi Steve!

I think you're on the right track. The certificate file you want is at
this link
"http://server02.spreydon.org.nz/CertEnroll/server02.spreydon.org.nz
server02.crt".

Try copying and pasting the link into Firefox and see if it will allow
you to download the .crt file to your Desktop. If so, then you're most
of the way there.

Since you're using Leopard, you should know that root certificate
support with Entourage needs a little work around. Have a look at this
blog post of mine
<http://blog.entourage.mvps.org/2007...s_entourage_support_for_exchange_ssl_roo.html>
and then look into the comments below for my FOLLOWUP. You'll need to
use the certtool command line utility to put the certificate in the
right place. (Don't let the command line worry you. It's easy to fix the
problem.)

Hope this helps!

--

bill

William M. Smith, Microsoft Interop MVP - Mac/Windows
Entourage Help Page <http://entourage.mvps.org/>
Entourage Help Blog <http://blog.entourage.mvps.org/>
 
Top