Entourage - Exchange SSL connection in Leopard now WORKING.

Discussion in 'Mac Apps and Mac App Store' started by nix.hanno, Nov 4, 2007.

  1. nix.hanno macrumors newbie

    Joined:
    Nov 2, 2007
    Location:
    Oz
    #1
    OK. After much frustration I finally have Entourage making an SSL connection to an Exchange server in Mac OS X Leopard after performing the OS installation from scratch.

    All that is needed is your root certificate - no private key, no digital identity, no microsoft intermediate junk or any of that hullabaloo - just the root certificate only.

    Now do the following:

    1. Put the root certificate in your home folder.
    2. Open a terminal.
    3. Type the following:

    sudo certtool i root_certificate.cer v k=/System/Library/Keychains/X509Anchors

    Obviously replacing "root_certificate.cer" with your certificate filename.

    The last line of output should read "...certificate successfully imported." If you get an error saying that the certificate is in the wrong format and needs to be in PEM format, then use the Microsoft Cert Manager to convert the certificate format by importing then exporting as PEM.

    Ha - beat ya Microsoft! I'm a single guy that fixed this. You're a massive company with squillions of $$$ and hundreds if not thousands of people and you can't even fix this after 1 week! Why exactly should people buy or even use your crappy products for OUTRAGEOUS prices!?!?!!?

    C'mon people, try get your boss / IT administrator etc. to switch to something else, preferably supporting an open standard file format - that way no-one will ever be tied down to using a particular vendors product.

    Why did it break?

    As it turns out, the X509Anchors file, as of Leopard, has been made obsolete - but not entirely... It can (and is) still read from, but cannot be written to - at least not with any GUI interface like Apple Keychain or Microsoft Cert Manager.

    As Entourage looks at this X509Anchors file for the Root Certificate and not in the new SystemCA/RootCertificates.keychain files, of course it's not going to find it! This also explains why people that upgraded rather than fresh installed did not encounter this age old problem again.

    So Microsoft, if you're still in the complete darkness and have no clue what i'm going on about, to fix this problem from your end, send out an update that makes Office for Mac look in the SystemCACertificates.keychain and SystemRootCertificates.keychain files for root certificates and don't remove the parsing of the X509Anchors file just yet either or you'll break it again! People need time to make the switch...
     
  2. zigginl macrumors newbie

    Joined:
    Dec 24, 2007
    #2
    Great post - thnx, but I'm trying to make this work with the 2008 (beta, I know) version... do you have any tips/suggestions there?
     
  3. GJSchaller macrumors newbie

    GJSchaller

    Joined:
    Oct 18, 2007
    Location:
    White Plains, NY
    #3
    Bah!

    Apparently, Microsoft has declared Entourage 2004 as "no longer being updated," since 2008 is on the way - we may not see a fix for this short of moving to 2008. Hopefully, they fixed it for that version...
     
  4. snugharbor macrumors member

    Joined:
    Oct 17, 2007
    #4
    Actually Office 2008 Entourage has NOT fixed the SSL problem but now the work around does not work. Get this error:

    the keychain you are accessing, X509Anchors, is no longer
    used by Mac OS X as the system root certificate store.
    Please read the security man page for information on the
    add-trusted-cert command. New system root certificates should
    be added to the Admin Trust Settings domain and to the
    System keychain in /Library/Keychains.
     
  5. m4change macrumors newbie

    Joined:
    Feb 16, 2008
    #5
    entourge root fix: Not working w/ 2004 & 10.5.2 :(

    I'm using Entourage 2004 and this fix isn't working for me. Here's the error message I get:

    The keychain you are accessing, X509Anchors, is no longer
    used by Mac OS X as the system root certificate store.
    Please read the security man page for information on the
    add-trusted-cert command. New system root certificates should
    be added to the Admin Trust Settings domain and to the
    System keychain in /Library/Keychains.

    Eerily similar to the error reported by the Office 2008 user.

    Anyone have any ideas? Quite frustrating.
     
  6. paenguin macrumors member

    paenguin

    Joined:
    Feb 20, 2008
    Location:
    behind Torre Two
    #6
    same error i got.
    anyone got a workaround on this?
     
  7. paenguin macrumors member

    paenguin

    Joined:
    Feb 20, 2008
    Location:
    behind Torre Two
    #7
    spoke too soon

    i found this .
    sure worked the certificate issue. :D
     
  8. jmcleveland macrumors newbie

    Joined:
    Mar 16, 2008
    Location:
    Cupertino, CA
    #8
    where do you get the root certificate

    In trying to learn how to fix the Entourage exchange server certificate issue, everyone keeps mentioning the users root certificate that you use to solve the problem with. Hey guys, where in the world is this certificate that you seem to think everyone else knows where to find it. I'm trying to fix this issue on a friends new MacBook that came loaded with Leopard. I personally run previous Tiger 10.4.11, which does not have any certificates I can find using KeyChain Access. Microsoft Cert Manager does show certificates, but only in the "Apple Trusted Root Certificate Authorities" no other show up on any of the other changes in the "Look for certificates of type:". My computer and my friends both use the same ISP (AT&T).

    Any info on where to find the root certificate he needs from AT&T?

    Thanks
    John C.
     
  9. j0ebeer macrumors member

    Joined:
    Mar 5, 2007
    #9
    Ditto, where's the certificate?

    I have the same concern/issue as John. Where do you get this certificate?
     
  10. pytter macrumors newbie

    Joined:
    Sep 18, 2008
    #10
    Different Solution

    I have been tearing my hair out over this one and am equally miffed about how to get hold of the certificate, especially as I am using a hosted exchange account.:mad:

    I am using Entourage 2008 on a MBP running 10.5.4

    The problem arose when I migrated from my old iBook running 10.4

    In desperation I dug around the Microsoft knowledge base and found a solution that has worked for me -:) it is very simple:

    add "/exchange/user@mail.com" to the end of the exchange server details in the account set-up
    Note: user@mail.com is a placeholder for your default SMTP address.

    for the complete article from the knowledge base:
    http://support.microsoft.com/kb/931350

    What a relief!
     
  11. Lershac macrumors regular

    Joined:
    Feb 21, 2008
    Location:
    Baton Rouge, LA USA
    #11
    Thanks!

    This issue has been bothering me for some time, and now I find the solution in just casual browsing when searching didnt work. My google-fu must be weak!
     
  12. Lershac macrumors regular

    Joined:
    Feb 21, 2008
    Location:
    Baton Rouge, LA USA
    #12
    If in firefox, when firefox complains about the root certificate, add an exception and keep going into the advanced or more dialog boxes, there is an option to view the certificate, and then there is an option to export it. That is how I got mine.
     

Share This Page