Connection to Exchange not working

J

Jeff

Here is the problem. I have just gave external use to Outlook Web Access.
Since this is
now allowed Entourage for some reason doesn't want to connect properly to
the Exchange
Server. I'm running Windows Server 2003 and Exchange 2003.

I get the following error message:
Unable to establish a secure connection to X.X.X.X (ip address masked)
because the correct
certificate is not installed. If you continue the info you view and send
will not be secure.

No matter what I've done I can't seem to fix this issue and it started right
after Web Access
was accessible from the outside.

Any suggestions would be greatly appreciated.

Thanks
 
C

Corentin Cras-Méneur

Jeff said:
Here is the problem. I have just gave external use to Outlook Web Access.
Since this is
now allowed Entourage for some reason doesn't want to connect properly to
the Exchange
Server. I'm running Windows Server 2003 and Exchange 2003.

I get the following error message:
Unable to establish a secure connection to X.X.X.X (ip address masked)
because the correct
certificate is not installed. If you continue the info you view and send
will not be secure.

No matter what I've done I can't seem to fix this issue and it started right
after Web Access
was accessible from the outside.

Any suggestions would be greatly appreciated.
Click to expand...


You need to import the certificate from the server in your keychain (in
the X509 anchors). Either the network admin will provide it for you, or
if you have Tiger, you can use Safari to conenct to OWA and when you get
the warning, select "display certificate" to drag it to your desktop
where you can double-click it to import it in your Keychain (X509
anchors).

Corentin
 
J

Jeff

Hello,

I tried that already but the problem seems to be when I actually

go into Entourage and select the account I want. I then go to

the Security tab and select Signing Certificate. In there I should

be able to see the certificate I want to choose but for some

reason I am unable to. Microsoft sent me instructions in order

to fix the problem, but this is where I get stuck.

Any other suggestions would be greatly appreciated.

Regards,

Jeff
 
C

Corentin Cras-Méneur

Jeff said:
Hello,

I tried that already but the problem seems to be when I actually

go into Entourage and select the account I want. I then go to

the Security tab and select Signing Certificate. In there I should

be able to see the certificate I want to choose but for some

reason I am unable to. Microsoft sent me instructions in order

to fix the problem, but this is where I get stuck.

Any other suggestions would be greatly appreciated.

Regards,
Click to expand...

That's a different issue. The error message you mentioned in the first
post indicates that you cannot "securely" connect to your server
(because you don't have the valid *Server* certificate).

Now if you want to use a Signing certificate, that's completely
different.
You need to import it in your "session" keychain first, then you should
be able to use it in your e-mail account providing it matches your
e-mail address. How did you import your certificate ?? Did you get it
through Thawte or Verisign ???


Corentin
 
J

Jeff

I exported the certificate off my server. When I copied the .cer file to
the
desktop of the mac computer I then opened up the file and tried to import
the certificate into the Keychain. It appears to do something but I'm
unable
to see it within the keychain.

I also tried clicking on the keychain, then choosing X509 Anchors and then
clicking OK

I can see the certificate in the Microsoft_Intermediate_Certificate within
the keychain, but
when I go to the account in question I'm unable to select the one I want.

Any other suggestions. I appreciate all your help so far.

Jeff
 
C

Corentin Cras-Méneur

Jeff said:
I exported the certificate off my server. When I copied the .cer file to
the
desktop of the mac computer I then opened up the file and tried to import
the certificate into the Keychain. It appears to do something but I'm
unable
to see it within the keychain.
Click to expand...

It goes in the Certificate section of whatever keychain you have
selected. For this type of cert, I would suspect it needs to go to the
X509 anchors.
I also tried clicking on the keychain, then choosing X509 Anchors and then
clicking OK

I can see the certificate in the Microsoft_Intermediate_Certificate within
the keychain, but
when I go to the account in question I'm unable to select the one I want.
Click to expand...

It won;t be accessible for e-mails. That's not what this specific type
of certificate is for. See below,
Any other suggestions. I appreciate all your help so far.
Click to expand...


As I was saying, these are two different things. The cert you imported
is for secure connections to the server. Once imported, there is nothing
more for you to do.
The Security and signing settings you are trying to access are for
e-mail (not server) certificates. In order to use that, you need to
acquire such certificate from a proper authority (eg Thawte,
Verisign...), and for this specific e-mail address: import it and then
it should be available for you to use. These don't get imported into
X509, but amongst your own keychain items.
From what you describe here, it looks like you imported the server
certificate (for connections to the server) but never generated and
imported any e-mail signing certificate (for your own name and e-mail
address).
You can find more information about personal e-mail certificates here:
http://www.thawte.com/secure-email/personal-email-certificates/


Corentin
 
J

Jeff

I tried doing what you suggested at the Thawte website but I ran into a
problem
trying to get a certificate. First I was only able to retrieve a
certificate using Internet
Explorer and when I got to one of the last screens I was unable to go any
further.

I know there is a problem with certificates on IE, so I'm going to try and
resolve that
issue first and then hopefully I will be able to continue.

I appreciate all your suggestions and feel like a found solution is just
around the corner.
If there's anything else I can try please let me know.

Jeff
 
C

Corentin Cras-Méneur

Jeff said:
I tried doing what you suggested at the Thawte website but I ran into a
problem
trying to get a certificate. First I was only able to retrieve a
certificate using Internet
Explorer and when I got to one of the last screens I was unable to go any
further.
Click to expand...


Use Safari. It works like a charm on my Mac (running Tiger). The Cert is
imported automatically in the keychain.

Corentin
 
J

Jeff

It won't let me do anything while I'm in Safari. When I ask to get the
certificate
and then choose the Microsoft option that's when I get a message informing
me
that I need to use IE 4.0 or later. Not sure what's going on there.
 
C

Corentin Cras-Méneur

Jeff said:
It won't let me do anything while I'm in Safari. When I ask to get the
certificate
and then choose the Microsoft option that's when I get a message informing
me
that I need to use IE 4.0 or later. Not sure what's going on there.
Click to expand...


Select the Netscape/Mozilla option. The IE option requires Active X.

Corentin
 
J

Jeff

Tried that and I was able to get the certificate . Thanks for that. I
still can't get
Entourage to work properly. I'm getting frustrated. I'm not sure if you
have any
other ideas I can try. I do appreciate all the suggestions you have
provided thus
far.

Jeff
 
C

Corentin Cras-Méneur

Jeff said:
I
still can't get
Entourage to work properly. I'm getting frustrated. I'm not sure if you
have any
other ideas I can try. I do appreciate all the suggestions you have
provided thus
far.
Click to expand...

Now that the cert is in the keychina, you should be able to go to your
account setting in Entourage and bind the certificate (withthe e-mail
address EXACTLY matching the e-mail address you are trying to bind it
to) through the Security pance.
What happens exactly when you try ??

Corentin
 
J

Jeff

I'm still unable to choose the certificate.

I'm going to try and redo the whole process again to make sure I have not
missed anything. How do I know I have the exact same email on the server
as on the mac computer. I always thought they were exact?

Jeff
 
C

Corentin Cras-Méneur

Jeff said:
I'm still unable to choose the certificate.

I'm going to try and redo the whole process again to make sure I have not
missed anything. How do I know I have the exact same email on the server
as on the mac computer. I always thought they were exact?
Click to expand...


Well at wotk, I can use either [email protected] or
[email protected].
Exchange requires that I use the full address with "subserver". My
certificate therefore MUST have the full address as well and not the
short version.


Corentin
 
Top