Re: self signed certificates in outlook/ie (9/5.5), (10,6)
From: TimC (tim@nowhere.com)
Date: 06/27/02
- Next message: Joan Archer: "Re: Updated Summary of Microsoft Security Bulletins - MS02-032 & MS02-033"
- Previous message: Ned Flanders: "Re: Is there any "hacker-proof" way ?"
- In reply to: D. Cross: "Re: self signed certificates in outlook/ie (9/5.5), (10,6)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "TimC" <tim@nowhere.com> Date: Thu, 27 Jun 2002 17:14:24 +0100
David
Thanks for the response. It's good to know that that algorithm has changed,
and I may not just be being stupid.
I imported to trusted people, and that didn't work either.
Is there something special about a root CA that appears in their
certificate? I can't really see how without that credential being produced
by another entity (sort of who invented God argument).
Anyway, I trust myself more than I trust any of the root CAs shipped with
the product and I can definitely exercise stronger remedial action against
myself than I can against these entities under their legal systems, so
surely I should be able to make myself a root CA in this context, possibly
cross signing some of their certificates myself.
I'm happy to share the certificate for anyone that wants to try it (You
don't need a login to get it to fail as its at the setting up of the ssl
link).
tc
ps [That's funny about getting closer to the rfcs - I've just had an
exchange with MS where it transpired that Passport doesn't support rfc 822
compliant email addresses and probably never will]
"D. Cross" <vaq130@alias.hotmail.com> wrote in message
news:#TXC2HeHCHA.2512@tkmsftngp08...
> The chaining engine changes in Windows XP to comply with RFC standards,
etc
> that change. I am suspecting that XP is detecting that the cert is not a
> root and therefore will not trust as root despite being installed in
Trusted
> Root store.
>
> Have you tried importing the cert in the Trusted People store on XP?
>
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechn
> ol/WinXPPro/support/tshtcrl.asp
>
> --
>
> David B. Cross [MS]
>
> --
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> "TimC" <tim@nowhere.com> wrote in message
> news:uhj6k72heiu076@corp.supernews.com...
> > I've concluded that this is a bug as the behaviour is different and
> > reproduceable from the import/deletion of the certificate in each
> > environment - works in w2k, not in xp. Where can I report the bug?????
> >
> >
> > "TimC" <tim@nowhere.com> wrote in message
> > news:uhds3f625j880b@corp.supernews.com...
> > > I had this cracked on the older ie/outlook combination - import
> certifcate
> > > .p12 self signed certificate into IE and Outlook stops producing the
> > > annoying error message at launch:
> > >
> > > "the server you are connected to is using a security certificate that
> > could
> > > not be verified.
> > > the signature fo the certificate can not be verified
> > > do you want to continue using this server?"
> > >
> > > But now I've got the same problem with ie6, outlook 10, and either
I've
> > > introduced some finger trouble, or it doesn't work the same.
Certificate
> > is
> > > imported into the Trusted Root Certification Authorities store, but
> > outlook
> > > continues to complain, and I can find no logs or other sources of
> > > information to help me track this down.
> > >
> > > certificates were produced with OpenSSL, and still work with the old
> > version
> > > of Outlook.
> > >
> > > Any thoughts?
> > >
> > > tia
> > > tim
> > >
> > >
> >
> >
>
>
- Next message: Joan Archer: "Re: Updated Summary of Microsoft Security Bulletins - MS02-032 & MS02-033"
- Previous message: Ned Flanders: "Re: Is there any "hacker-proof" way ?"
- In reply to: D. Cross: "Re: self signed certificates in outlook/ie (9/5.5), (10,6)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
