Warning message about valid certificates

From: Dincer Onel (onel@uekae.tubitak.gov.tr)
Date: 05/23/02

• Next message: Julian Tym: "NT LM Security Support Provider Service"
• Previous message: Jan Partanen: "Re: Certificate Authorities ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Dincer Onel" <onel@uekae.tubitak.gov.tr>
Date: Thu, 23 May 2002 05:22:30 -0700

Hi all,
I installed an Enterprise Root CA for my 50-user win2000
local area network with no problem. Users use Outlook2000
as mail client. Mail encyrption and signing works well.
However when I open security properties of an
encrypted&signed mail, I see a warning message "The
Certificate Revocation List needed to verify the signing
certificate is either unavailable or it has expired."
Besides, for the signing certificate message it says "This
certificate is OK!" under the root CA. In the Edit Trust
part "Inherit trust from the issuer" seems to be chosen.
Why do I see this warning message? I wonder is there
anythnig wrong with the CDP points, but it also seems ok,
clients can query the CRL using LDAP,FTP,HTTP. I think, I
shouldn't have to select "Explicitly trust this
certificate" for each certificate. Since I trust my root
CA, to select "inherit trust from the issuer" is expected
to work fine.
ANY comments&feedbacks will be appreciated greatly !!!

Dinçer ÖNEL
Network Security Researcher
TÜBİTAK-UEKAE

---

• Next message: Julian Tym: "NT LM Security Support Provider Service"
• Previous message: Jan Partanen: "Re: Certificate Authorities ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: CA Q ... I'm gonna start a new Root CA company. ... that I've done so far is issue a certificate to my IIS webserver. ... that possesses that the private key is reasonably the party that was issued the key and that the keys can used used for the attempted operation. ... This is where certification authorities come into play - they provide the trust structure. ... (microsoft.public.cert.exam.mcse) Re: untrusted domain in certificate ... correct - all machines that connect to a server that has a cert issued by ... your root, must also trust that root. ... > get/install the CA certificate to your client computer. ... (microsoft.public.win2000.security) Re: Accessing website with Certificate ... The client needs to have the CA root cert. ... This Security Certificate Was Issued by a Company that You ... "The security cerificate issued by a company you have not chosen to trust. ... (microsoft.public.inetserver.iis.security) Re: Problems with Importing Certificate ... Sounds to me like you don't trust the root CA. Do you have the root CA's ... > enterprise-CA and saved the request for a certificate in a .req-file. ... (microsoft.public.windows.server.security) Stand Alone CA Problem ... Certificate Revocation List needed to verify the signing ... In the Edit Trust ... Why do I see this warning message? ... Are there also any special procedures in publishing the CRL using an ISA2K ... (microsoft.public.win2000.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)