[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Outlook/Outlook Express & ldaps://

Hi Amith,

If you are using a Private CA (self signed, or non public), then the
first thing you should do is import the CA certificate (public key) into
the root store on both clients and servers. The easiest way to make this
certificate available is on a website (internet/intranet) and provide
users with instructions on how to import it.  Once this is done you
avoid the need to implicitly trust the certificates before use, this
makes using private CA based certificate easier for users.

The point you raised about the mismatch between the name used by the
server and the name on the ceritifcate is a common problem, when in
doubt, always use the FQDN.


Simon Thornton
S.W.I.F.T s.c (Gesa)                       Tel: +32 2655 4814
Ave Francois Dubois 2                      Mob: +32 476 860 061
B1310 La Hulpe                             Fax: +32 2655 4185

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Amith Varghese
Sent: Tuesday, April 30, 2002 05:46
To: x509security.com; Björn Fernhomberg
Cc: openldap-software@OpenLDAP.org
Subject: Re: Outlook/Outlook Express & ldaps://

I got everything to work... it seems that throughout all my testing and
trying different IP addresses/DNS names on Outlook XP I had used the
short internal name of the machine rather than the FQDN (which is on the
certificate).  Once I changed it, things started working.  I guess when
I did it on OE i had used the correct FQDN name.  Since I've seen a
couple of people ask this question I'm going to state all of the steps I
have taken to get it working.  Thanks to Oliver and Björn for all their
help with this problem.

Steps to get Outlook/Outlook Express to use a self signed certificate
when connecting over SSL to an LDAP addressbook.

1) If you have a self signed certificate you must install the
certificate using IE.  To do this goto https://<LDAPSERVER>:636
2) IE will complain about the certificate not being from a Certified
Authority that you trust.
3) Click View Certificate
4) Scroll down and click on Install Certificate
5) Accept the defaults for adding the certificate
6) In Outlook/Outlook Express make sure you enter the *exact* name that
is on your self signed certificate in the server box.
7) Hopefully you should be able to connect if you have taken these


On Mon, 2002-04-29 at 23:27, x509security.com wrote:
> I don't know if this helps as I don't use XP but I am able to switch
> checking on and off within MSIE
> Tools>Internet Options>Advanced>
> Scroll down to Security and uncheck the boxes relating to crls
> > As far as I can tell, the problem is not your server configuration.
> > I guess Outlook XP doesn't like your certificate.
> >
> > It seems Outlook XP handles certs differently than previous
> > I'm still using Outlook 2000, so I can't help you much on this one.
> > After importing the self signed cert with IE, Outlook 2000 worked
fine for
> > me.

FN:Simon N Thornton (E-mail)
TITLE:Security Consultant
TEL;HOME;VOICE:+33 (0) 49312 2112
TEL;CELL;VOICE:+32(0)476 860 061
TEL;WORK;FAX:+33 (0) 49312 2155
TEL;HOME;FAX:+33- (0) -493122155
ADR;WORK:;OG161;Rue Francois Dubois, 2;La Hulpe;;1310;Belgium
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:OG161=0D=0ARue Francois Dubois, 2=0D=0ALa Hulpe 1310=0D=0ABelgium
ADR;HOME:;;160 Chemin de la verriere;Valbonne;Provence-Alpes-Cote D'Azure;06560;France
LABEL;HOME;ENCODING=QUOTED-PRINTABLE:160 Chemin de la verriere=0D=0AValbonne, Provence-Alpes-Cote D'Azure 06560=

Attachment: smime.p7s
Description: S/MIME cryptographic signature