Entourage and SSL question

X

X2RF

Is there any way to eliminate the "root certificate error" that comes up
when trying to secure POP3 to a server that uses a generic and unvalidated
server-side certificate that can't be verified by any CA? One of my
mailservers uses POP/SSL and every now and then I get the error message
about certs either popping up (first time) or flagging an alert in the
Entourage error log.

I've heard that Entourage has some unresolved SSL issues, is this one of
them?

I'm running latest Entourage and Office SP.

Thanks for any info on-list or off-list.

Rick
 
N

Nathan Herring [MSFT]

The prerequisite to this working is to install the root certificate of that
server certificate's certificate chain onto your X509Anchors keychain. If
it's a self-signed certificate, you'll need to install it itself. If not,
you'll need to find the certificate for the untrusted CA.

On 10.3.x and 10.4.x, KeyChain Access will import certificates fine. For
10.2.x and above, you can also use the Microsoft Cert Manager application to
do the import; it is located in the Microsoft Office 2004:Office folder.

That said, there are people who seem to have that precondition met, and are
still having the same error. I'm sure we (MacBU) does not fully understand
that situation, and would have to do some more investigation to come up with
any workaround or fix.

-nh
 
A

Aaron Adams

I wanted to add another data point to this thread. A client and I are having
the same issue. My client uses two SSL-enabled servers, both with
self-signed certificates. One is Tiger server and the other is something
else. Only the Tiger server causes Entourage to crash. I host a Tiger server
for e-mail with a self-signed certificate and it also causes my Entourage to
crash. Each of us has the appropriate certificate(s) installed into the
X509Anchors keychain. We can both reproduce this problem at will.
 
N

Nathan Herring [MSFT]

Thanks for this report; Apple apparently had already registered this error
with us wrt the kinds of certificates Tiger server creates by default. We've
addressed the problem, and the fix will be made available in an upcoming
release.
 
Top