I’m trying to get Microsoft Entourage on my Mac to work with an SSL-based mail server, but every time I try to use it, I get errors about “unverified root certificate” or uninstalled root certificates. I’ve dug around on my SSL server and can’t figure out what the heck Entourage wants. Help!
it’s surprisingly difficult to figure out how to install a root certificate in Microsoft’s Entourage, actually, though I think the problem is generally just with security certificates, not Entourage, per se. I think I have it working on my system, however, and here’s what I did.
First step was to log in to the SSL server — in this case it’s a Linux box running Apache — and switch to root with the “su” command. Now, move into the directory /etc/mail/certs and you’ll find a file with a strange numeric name like “0cf916dd.0”. That’s what you want. I suggest you copy that file to your own home directory and make sure you leave it accessible for later:
# chown taylor ~taylor/0cf916dd.0
# ls -l ~taylor/0cf916dd.0
-r——– 1 taylor taylor 863 Oct 17 07:24 /home/taylor/0cf916dd.0
Looks good. Now, quit superuser, then disconnect and reconnect with your SFTP client application (I certainly hope that you are NOT using FTP to connect. It’s notoriously insecure), and download the copy of the security certificate you’ve left in an accessible place:
Fetching /home/taylor/0cf916dd.0 to 0cf916dd.0
/home/taylor/0cf916dd.0 100% 863 0.8KB/s 00:00
sftp>
Now you need to add a new filename suffix to the file before you can proceed (an important step!). Click once on the new file’s name, count to 10, then click again. You should be able to edit the filaname: add the suffix “.crt” to it. You’ll need to verify the change:
Finally, it’s time to open up a new Finder window and navigate into Applications –> Utilities. Now, drag the root certificate on top of the Keychain Access application:
Now the Keychain Access application itself will confirm you want to install the new security certificate:
Important step: Make sure that you specify you want it to be filed away as an X509 Anchor certificate, as shown. Click on “OK” and you’re done!
Now, the next time you use Entourage in secure mode, you should be able to interact with your SSL-based secure server without a problem.
I found that when Entourage wants a mail server’s security certificate, if the server is running Exchange, the easiest way to obtain the security certificate is to go to the Web page for that server’s Outlook Web Access. For instance, if your mail account is based on an Exchange server with the Fully-Qualified Domain Name of “mail.domain.com”, there is a good likelihood that OWA is running at “https://mail.domain.com/exchange”
Point Safari at that OWA address, and you should get a message that Safari can’t verify the identity of the Web site. Click on “Show Certificate”, put a check in the box to always trust the certificate, then click on Continue. It should then ask for your password so it can add it to your Keychain.
I’m having the same trouble only on a Microsoft Windows 2008 Server (running Exchange 2010 mail server)
What would be the procedure for obtaining the cert from a Windows server?