Entourage 2008: Exchange certificate?!

[OxygeN]

Hello there,

how do I have to proceed to get rid of the annoying pop-up which tells
me that I do not have a certificate for connecting to my Exchange 2003?

Thanks...

 

[Corentin Cras-Méneur]

Hello there,

how do I have to proceed to get rid of the annoying pop-up which tells
me that I do not have a certificate for connecting to my Exchange 2003?

Wellllllll you need to install the root certificate in your Keychain.
You might want to contact your network administrator to ask for the
certificate.

Corentin

 

[OxygeN]

Corentin Cras-Méneur ha scritto:

Wellllllll you need to install the root certificate in your Keychain.
You might want to contact your network administrator to ask for the
certificate.

I *am* the network and server administrator: how do I have to proceed then?

 

[Corentin Cras-Méneur]

Corentin Cras-Méneur ha scritto:


I *am* the network and server administrator: how do I have to proceed then?

Well if you are the admin, you should know how to export the public root
certificate from the server. If you don;t know, you'll have to repost
inthe Exchange groups.
You can often find the path to the root certificate in the warning about
certificates you get in Safari when you try to connect to the accounts
through OWA.

This certificate is to be imported on the Mac in the Login keychain in
Leopard and in the X509Anchors in previous versions.

After that, you shouldn't see the message again,



Corentin

 

[Donnie3iii]

Hello there,

how do I have to proceed to get rid of the annoying pop-up which tells
me that I do not have a certificate for connecting to my Exchange 2003?

Thanks...

It seems with the latest patch a new error was introduced.

http://groups.google.com/group/micr...a8/66ec383ab057b81b?lnk=raot#66ec383ab057b81b

Here are a couple things you can try:

http://www.themachelpdesk.com/index.php?name=News&catid=&topic=19&allstories=1
http://www.macosxhints.com/article.php?story=2007082012492012
http://www.entourage.mvps.org/faq_topic/leopard.html#leo5

Exporting a cert from Windows 2000/2003 domain
http://www.webhostingtalk.com/showthread.php?t=244062

 

[OxygeN]

Corentin Cras-Méneur ha scritto:

Well if you are the admin, you should know how to export the public root
certificate from the server. If you don;t know, you'll have to repost
inthe Exchange groups.

Well, it's not a daily task in my job, to export public root
certificates... nevertheless: using "certsrv" web directory, I am faced
to choose between:
Encoding method: DER or Base64

which of the above do I choose?

And also:

Download CA certificate
Download CA certificate chain
Download latest base CRL
Download latest delta CRL

Which one of the aboves do I have to download and then install in the
login keychain?

This certificate is to be imported on the Mac in the Login keychain in
Leopard and in the X509Anchors in previous versions.

Which file extension should the certificate file have? I have it now .cer

Thanks again.

 

[Corentin Cras-Méneur]

Well, it's not a daily task in my job, to export public root
certificates... nevertheless: using "certsrv" web directory, I am faced
to choose between:
Encoding method: DER or Base64

Donnie3iii provided a useful link for that:

Exporting a cert from Windows 2000/2003 domain
http://www.webhostingtalk.com/showthread.php?t=244062

which of the above do I choose?

I vote for Base64.

And also:

Download CA certificate
Download CA certificate chain
Download latest base CRL
Download latest delta CRL

Which one of the aboves do I have to download and then install in the
login keychain?

I *suspect* it is the first one.

Which file extension should the certificate file have? I have it now .cer

That's exactly what you need.

Corentin

 

[OxygeN]

Corentin Cras-Méneur ha scritto:

[cut]

That's exactly what you need.

Sorry if I may seem to be asking almost "obvious" or easy things, the
fact is that I tried two days ago the procedure of downloading "CA
certificate" and save it as a .cer file on my OS X Leopard. After this,
I added the certificate in the "login" section, closed Entourage and
re-opened it: nothing changed! I still get the annoying pop-up... :-/

I'll be retrying it following the link posted...

 

[Corentin Cras-Méneur]

Sorry if I may seem to be asking almost "obvious" or easy things, the
fact is that I tried two days ago the procedure of downloading "CA
certificate" and save it as a .cer file on my OS X Leopard. After this,
I added the certificate in the "login" section, closed Entourage and
re-opened it: nothing changed! I still get the annoying pop-up... :-/

You did what you were supposed to.
Double-click the .cer opens Keychain Access. In the Import dialog there
you select to add it to the login keychain.

If you still get the warning, it probably is because you didn't have the
proper root certificate :-\

One thing though: Did you check in Keychain Access that the certificate
was indeed properly listed there? Can you access your OWA page in Safari
without getting a warning??

Corentin

 

[William Smith]

Corentin Cras-Méneur ha scritto:

[cut]

That's exactly what you need.

Sorry if I may seem to be asking almost "obvious" or easy things, the
fact is that I tried two days ago the procedure of downloading "CA
certificate" and save it as a .cer file on my OS X Leopard. After this,
I added the certificate in the "login" section, closed Entourage and
re-opened it: nothing changed! I still get the annoying pop-up... :-/

Does the pop-up show you the server name or a domain name?

If you're seeing a report about connecting to "server.domain.com" then
that's most likely the root certificate problem.

However, if you're seeing a report about connecting to "domain.com" then
that's a new issue that has come to play in SP1 (12.1.0). Microsoft is
still investigating that new issue.

--

bill

William M. Smith, Microsoft Interop MVP - Mac/Windows
Entourage Help Page <http://entourage.mvps.org/>
Entourage Help Blog <http://blog.entourage.mvps.org/>

 

[Chris Collins]

Microsoft is still investigating that new issue.

Any new news? Certificate is installed not only in login, but also in the X509Anchors folder (It still exists, but doesn't work)

 

[OxygeN]

William Smith ha scritto:

Does the pop-up show you the server name or a domain name?

If you're seeing a report about connecting to "server.domain.com" then
that's most likely the root certificate problem.

It was showing me the FQDN of my server (server.domain.local)...

However, if you're seeing a report about connecting to "domain.com" then
that's a new issue that has come to play in SP1 (12.1.0). Microsoft is
still investigating that new issue.

.... but on one Mac I started Microsoft Update and in fact after it
installed the latest SP1, it started showing a different message, no
more FQDN but simply "domain.local"... :-(