Hi Amith,

If you are using a Private CA (self signed, or non public), then the first thing you should do is import the CA certificate (public key) into the root store on both clients and servers. The easiest way to make this certificate available is on a website (internet/intranet) and provide users with instructions on how to import it.

Once this is done you avoid the need to implicitly trust the certificates before use, this makes using private CA based certificates easier for users.

The point you raised about the mismatch between the name used by the server and the name on the certificate is a common problem, when in doubt, always use the FQDN.

Rgds,

Simon Thornton
--------------------------------------------------------------------
S.W.I.F.T s.c (Gesa)        Tel: +32 2655 4814
Ave Francois Dubois 2       Mob: +32 476 860 061
B1310 La Hulpe              Fax: +32 2655 4185
Belgium
--------------------------------------------------------------------

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org [mailto:owner-openldap-software@OpenLDAP.org] On Behalf Of Amith Varghese
Sent: Tuesday, April 30, 2002 05:46
To: x509security.com; Björn Fernhomberg
Cc: openldap-software@OpenLDAP.org
Subject: Re: Outlook/Outlook Express & ldaps://

I got everything to work... it seems that throughout all my testing and trying different IP addresses/DNS names on Outlook XP I had used the short internal name of the machine rather than the FQDN (which is on the certificate). Once I changed it, things started working. I guess when I did it on OE I had used the correct FQDN name. Since I've seen a couple of people ask this question I'm going to state all of the steps I have taken to get it working. Thanks to Oliver and Björn for all their help with this problem.

Steps to get Outlook/Outlook Express to use a self signed certificate when connecting over SSL to an LDAP addressbook.

1) If you have a self signed certificate you must install the certificate using IE. To do this go to https://<LDAPSERVER>:636
2) IE will complain about the certificate not being from a Certified Authority that you trust.
3) Click View Certificate
4) Scroll down and click on Install Certificate
5) Accept the defaults for adding the certificate
6) In Outlook/Outlook Express make sure you enter the *exact* name that is on your self signed certificate in the server box.
7) Hopefully you should be able to connect if you have taken these steps.

Thanks
Amith

On Mon, 2002-04-29 at 23:27, x509security.com wrote:
> I don't know if this helps as I don't use XP but I am able to switch crl
> checking on and off within MSIE
>
> Tools>Internet Options>Advanced>
> Scroll down to Security and uncheck the boxes relating to crls
>
> > As far as I can tell, the problem is not your server configuration.
> > I guess Outlook XP doesn't like your certificate.
> >
> > It seems Outlook XP handles certs differently than previous versions.
> > I'm still using Outlook 2000, so I can't help you much on this one.
> > After importing the self signed cert with IE, Outlook 2000 worked fine for
> > me.
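The name mismatch discussed in this thread (short internal name typed into the client, FQDN on the certificate) can be checked before touching the client. The following is an added example, not part of the original messages and not Outlook's own logic: it applies a simplified label-by-label matching rule, and the function names and host names are constructed for illustration.

```python
# Added illustration: compare the name typed into the client's server box with
# the names on the certificate (subject CN or subjectAltName DNS entries).
# The matching rule is a simplified assumption; all host names are constructed.

def _labels(name):
    """Lower-case a DNS name, drop trailing dots and split it into labels."""
    return name.lower().rstrip(".").split(".")


def name_matches(entered, cert_name):
    """True if the entered name matches one certificate name.

    Comparison is case-insensitive and label by label. A '*' is honoured only
    as the complete left-most label and covers exactly one label, so
    '*.example.com' matches 'ldap.example.com' but not 'example.com'.
    """
    want, have = _labels(entered), _labels(cert_name)
    if len(want) != len(have) or "" in want:
        return False
    if have[0] == "*" and len(have) > 2:
        return want[1:] == have[1:]
    return want == have


def check_server_name(entered, cert_names):
    """Return (ok, reason) for the name a user typed into the server box."""
    if any(name_matches(entered, n) for n in cert_names):
        return True, "name matches certificate"
    # Same host label but no domain part: the short-name case from the thread.
    hint = [n for n in cert_names
            if not n.startswith("*") and _labels(n)[0] == _labels(entered)[0]]
    if "." not in entered.rstrip(".") and hint:
        return False, "short name used; certificate is issued to " + hint[0]
    return False, "name not on certificate: " + ", ".join(cert_names)


if __name__ == "__main__":
    names_on_cert = ["ldap.example.com"]          # constructed sample value
    for typed in ("ldap", "ldap.example.com", "mail.example.com"):
        print(typed, "->", check_server_name(typed, names_on_cert))
```
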