Does Outlook 2007 have trouble with security certificates?

J

Jason Dunn

I'm hoping someone can help me with a very perplexing problem, because I'm
all out of ideas.

The short version is that I have a self-generated security certificate for
IMAP SSL, and despite importing it into the Trusted Root Certification
Authorities > Registry store, and it saying it's successful, when I reboot
the computer or even come out of sleep mode, Outlook (whether it's running
or not) complains it can't trust the server again. This happens across three
PCs with both Outlook and Windows Mail.

So is there a known issue with security certs and Outlook 2007?
 
B

Brian Tillman

Jason Dunn said:
The short version is that I have a self-generated security
certificate for IMAP SSL, and despite importing it into the Trusted
Root Certification Authorities > Registry store, and it saying it's
successful, when I reboot the computer or even come out of sleep
mode, Outlook (whether it's running or not) complains it can't trust
the server again. This happens across three PCs with both Outlook and
Windows Mail.

Are you sure the Trusted Root store if the correct place? Does the cert you
generated identify you as a Certificate Authority?
 
J

Jason Dunn

Are you sure the Trusted Root store if the correct place? Does the cert
you generated identify you as a Certificate Authority?

Sorry for the delay in getting back to you, I was waiting on a response from
my server admin. Here's what he said:

"Yes, the root CA is a CA cert. It is self-signed. Its Subject is
C=CA/ST=Alberta/L=Calgard/O=Thoughts Media/OU=Admin Team/CN=Root CA

It has X509v3 Basic Constraints "CA:TRUE" (which means it is a CA cert).
That's this guy's question, and the answer is yes.

There is a self-generated service cert which was signed by that root CA
cert. The subject of this cert is C=CA/ST=Alberta/O=Thoughts Media/OU=Admin
Team/CN=castle.thoughtsmedia.com/[email protected]"

That means nothing to me, but maybe it will mean something to you. :)
 
B

Brian Tillman

Jason Dunn said:
"Yes, the root CA is a CA cert. It is self-signed. Its Subject is
C=CA/ST=Alberta/L=Calgard/O=Thoughts Media/OU=Admin Team/CN=Root CA

It has X509v3 Basic Constraints "CA:TRUE" (which means it is a CA
cert). That's this guy's question, and the answer is yes.

There is a self-generated service cert which was signed by that root
CA cert. The subject of this cert is C=CA/ST=Alberta/O=Thoughts
Media/OU=Admin
Team/CN=castle.thoughtsmedia.com/[email protected]"

That means nothing to me, but maybe it will mean something to you. :)

What do you have set for the "Intended Purposes"?
 
J

Jason Dunn

What do you have set for the "Intended Purposes"?

Good question! I asked my admin guy, and he said that while the cert is RFC
3280 compliant, there's a clause there that says this:

" ... Certificate using
applications MAY require that a particular purpose be indicated in
order for the certificate to be acceptable to that application."

So is that what Outlook 2007 requires? And is this new to Outlook 2007, or
something that has always been the case?
 
B

Brian Tillman

Jason Dunn said:
Good question! I asked my admin guy, and he said that while the cert
is RFC 3280 compliant, there's a clause there that says this:

" ... Certificate using
applications MAY require that a particular purpose be indicated in
order for the certificate to be acceptable to that application."

So check the intended purpose.
So is that what Outlook 2007 requires? And is this new to Outlook
2007, or something that has always been the case?

It has always been the case, as far as I know.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top