Re: certificates of trusted CA

From: Sergio Dutra [MS] (sergiod@online.microsoft.com)
Date: 05/24/02


From: "Sergio Dutra [MS]" <sergiod@online.microsoft.com>
Date: Fri, 24 May 2002 08:38:41 -0700


Does Outlook not have an option to view the certificate in that case? If
not, then you need to somehow obtain the server's root certificate into a
file (.cer, .crt, .pfx or .p7b) and then import that certificate into your
root store.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Sergio Dutra, Microsoft
"Tim" <tim@nowhere.com> wrote in message
news:jv3H8.3368$Ll6.292226@monolith.news.easynet.net...
> Thanks Sergio
>
> I think that I just wasn't clear enough. My scenario is much simpler.
> I own an imaps server (imap over ssl). when I connect to it with outlook,
> load up is slow and eventually I get a message:
> "The server you are connected to is using a security certificate that
could
> not be verified.
> A certificate chain processed correctly, but terminated in a root
> certificate which is not trusted by the trust provider.
>
> Do you want to continue using this server?"
>
> I just want to have the service trusted and not go through this rigmarole.
>
> Tim
>
>
> "Sergio Dutra [MS]" <sergiod@online.microsoft.com> wrote in message
> news:uvLEEIbACHA.2344@tkmsftngp02...
> > I assume you want to access a particular web server via SSL, where the
> > server's certificate is issued by a certificate authority you do not
> > currently trust, but that you do wish to trust it. When you navigate to
a
> > secure web site whose certificate you do not trust, you should be
> presented
> > with a dialog saying you don't trust the server's certificate, and in
that
> > dialog there should be a button "View Certificate".
> >
> > When you click on "View Certificate", a certificate dialog should show
up,
> > and you can then go to the "Certification Path" tab of that dialog and
> > select the topmost certificate (there should be a topmost certificate
> other
> > than the one you're currently viewing) and select "View Certificate".
> > Another certificate dialog should show up, this one for the topmost one,
> and
> > there should be a "Install Certificate" button there. Click on that
button
> > and you will be led through a wizard and another dialog prompting you
> > whether you wish to install the the certificate, and you will then trust
> > that certificate authority.
> >
> > Once that's done, you can restart the browser (I'm not sure if that may
be
> > necessary) and navigate to that web page and you should not see any more
> > dialogs accessing it unless there are some other problems with that
> server's
> > certificate. Note this process does not cause you to trust the server's
> > certificate explicitly, but the server's topmost (self-signed) issuer -
> you
> > cannot trust a server's certificate without trusting its topmost issuer.
> You
> > should ensure that you do, indeed, trust the entity that issued that
> topmost
> > issuer before going through this process.
> >
> > --
> > This posting is provided "AS IS" with no warranties, and confers no
> rights.
> >
> > Sergio Dutra, Microsoft
> > "Tim C" <tim@nowhere.freeserve.co.uk> wrote in message
> > news:2GNG8.784$Ll6.22070@monolith.news.easynet.net...
> > > this is probably a stupid question, but I can't find the answer.
> > >
> > > I want to get w2k to trust an imaps server's certificate, by only
> signing
> > it
> > > myself (I trust me more than I trust those companies that I'm given by
> > MS),
> > > so that outlook doesn't whinge every time that I try to access the
> server.
> > > but I can't work out how to get a suitable certificate into the
relevant
> > > entity in w2k. first I tried the certificate console (this being ssl,
> > > there's nothing specific to tie it to really). doesn't seem to apply.
> > being
> > > a mail protocol, I guessed a mail UA - can't find anything there. IE
> > *seems*
> > > to have something relevant, but i can't seem to add a trusted CA.
> > >
> > > tia
> > >
> > > tim
> > >
> > >
> >
> >
>
>


Relevant Pages

  • Re: Certification Authority
    ... Server 2003 newsgroup. ... You need to install the Verisign certificate as your Master Certificate. ... they will get a "Child" certificate of the Verisign certificate. ... Any outside authentication can then follow the chain of trust all the way ...
    (microsoft.public.mac.office)
  • Certificate Authority
    ... Server 2003 newsgroup. ... You need to install the Verisign certificate as your Master Certificate. ... they will get a "Child" certificate of the Verisign certificate. ... Any outside authentication can then follow the chain of trust all the way ...
    (microsoft.public.windows.server.general)
  • Re: Certification Authority
    ... Server 2003 newsgroup. ... You need to install the Verisign certificate as your Master Certificate. ... they will get a "Child" certificate of the Verisign certificate. ... Any outside authentication can then follow the chain of trust all the way ...
    (microsoft.public.mac.office)
  • Re: How to automate this ... ?
    ... client unless you established trust to that server (that's basically what ... Domain membership and Group Policy is -- the server trusts the external ... Purchase a certificate from an established Certificate Registrar. ... make the IE to trust my own Microsoft CA? ...
    (microsoft.public.inetserver.iis.security)
  • Re: Proposal for a new PKI model (At least I hope its new)
    ... That is say I trust Paul Rubin's public key. ... two basic reasons for the SSL server domain name certificate: ... certificates have to check with the domain name infrastructure to see ... CA/PKI industry is that public keys be registered with the domain name ...
    (sci.crypt)