Does Outlook 2007 have trouble with security certificates?

  • Thread starter Thread starter Jason Dunn
  • Start date Start date
J

Jason Dunn

I'm hoping someone can help me with a very perplexing problem, because I'm
all out of ideas.

The short version is that I have a self-generated security certificate for
IMAP SSL, and despite importing it into the Trusted Root Certification
Authorities > Registry store, and it saying it's successful, when I reboot
the computer or even come out of sleep mode, Outlook (whether it's running
or not) complains it can't trust the server again. This happens across three
PCs with both Outlook and Windows Mail.

So is there a known issue with security certs and Outlook 2007?
 
Jason Dunn said:
The short version is that I have a self-generated security
certificate for IMAP SSL, and despite importing it into the Trusted
Root Certification Authorities > Registry store, and it saying it's
successful, when I reboot the computer or even come out of sleep
mode, Outlook (whether it's running or not) complains it can't trust
the server again. This happens across three PCs with both Outlook and
Windows Mail.
Click to expand...

Are you sure the Trusted Root store if the correct place? Does the cert you
generated identify you as a Certificate Authority?
 
Are you sure the Trusted Root store if the correct place? Does the cert
you generated identify you as a Certificate Authority?
Click to expand...

Sorry for the delay in getting back to you, I was waiting on a response from
my server admin. Here's what he said:

"Yes, the root CA is a CA cert. It is self-signed. Its Subject is
C=CA/ST=Alberta/L=Calgard/O=Thoughts Media/OU=Admin Team/CN=Root CA

It has X509v3 Basic Constraints "CA:TRUE" (which means it is a CA cert).
That's this guy's question, and the answer is yes.

There is a self-generated service cert which was signed by that root CA
cert. The subject of this cert is C=CA/ST=Alberta/O=Thoughts Media/OU=Admin
Team/CN=castle.thoughtsmedia.com/[email protected]"

That means nothing to me, but maybe it will mean something to you. :-)
 
Jason Dunn said:
"Yes, the root CA is a CA cert. It is self-signed. Its Subject is
C=CA/ST=Alberta/L=Calgard/O=Thoughts Media/OU=Admin Team/CN=Root CA

It has X509v3 Basic Constraints "CA:TRUE" (which means it is a CA
cert). That's this guy's question, and the answer is yes.

There is a self-generated service cert which was signed by that root
CA cert. The subject of this cert is C=CA/ST=Alberta/O=Thoughts
Media/OU=Admin
Team/CN=castle.thoughtsmedia.com/[email protected]"

That means nothing to me, but maybe it will mean something to you. :-)
Click to expand...

What do you have set for the "Intended Purposes"?
 
What do you have set for the "Intended Purposes"?

Good question! I asked my admin guy, and he said that while the cert is RFC
3280 compliant, there's a clause there that says this:

" ... Certificate using
applications MAY require that a particular purpose be indicated in
order for the certificate to be acceptable to that application."

So is that what Outlook 2007 requires? And is this new to Outlook 2007, or
something that has always been the case?
 
Jason Dunn said:
Good question! I asked my admin guy, and he said that while the cert
is RFC 3280 compliant, there's a clause there that says this:

" ... Certificate using
applications MAY require that a particular purpose be indicated in
order for the certificate to be acceptable to that application."
Click to expand...

So check the intended purpose.
So is that what Outlook 2007 requires? And is this new to Outlook
2007, or something that has always been the case?
Click to expand...

It has always been the case, as far as I know.
 
Back
Top