Digital Signing of Entourage and Microsoft Certificates

[RichardT]

Version: 2008
Operating System: Mac OS X 10.5 (Leopard)
Processor: Intel
Email Client: Exchange

Leopard checks the digital signature of applications before letting them access the keychain. I am getting an authentication error for entourage along with an "allow deny alwaysAllow" choice. If I have the proper root certificates for Microsoft in my keychain, I should not be seeing this message.

1) Is microsoft digitally signing the applications it distributes in Office 2008 such that Leopard can check it?

2) If so, then what certs do I need and where do I get them?

 

[Corentin Cras-Méneur]

Leopard checks the digital signature of applications before letting them
access the keychain. I am getting an authentication error for entourage
along with an "allow deny alwaysAllow" choice. If I have the proper root
certificates for Microsoft in my keychain, I should not be seeing this
message.

Did you import it in the Login keychain?? That's where it should be.
If you're still getting the message, it's either because the cert is not
in the proper keychain, or that you got the wrong Cert for the server.

1) Is microsoft digitally signing the applications it distributes in
Office 2008 such that Leopard can check it?

Not sure. I doubt it actually,
You can use the "codesign -d " command on ENtourage in the Terminal. In
my case it says that the application is not signed.

In any case, codesigning is completely independent from the issue you
are describing here.

2) If so, then what certs do I need and where do I get them?

You need the root certificate from your e-mail server.
Import it in the Login keychain (in Leopard - for info, it goes in the
X509Anchors in previous versions of the System).

Corentin

 

[RichardT]

Hey, good answer. I did not know about the codesign command. Found a good reference here

<http://www.macosxhints.com/article.php?story=20071031031919687&query=codesign>

Information assurance is getting to be a scary issue; the day will come when all software will need to be digitally signed.

Thanks again,
RichardT

 

[Corentin Cras-Méneur]

Hey, good answer. I did not know about the codesign command. Found a
good reference here


<http://www.macosxhints.com/article.php?story=20071031031919687&query=co
design>

You can try "man codesign" in the Terminal,

Information assurance is getting to be a scary issue; the day will come
when all software will need to be digitally signed.

Yeah, and I suspect that this days is coming soon :-\


Corentin