Solved

Problem Installing Certificate

Posted on 2008-10-01
6
469 Views
Last Modified: 2013-11-24
I am trying to install Entourage 11.2.5 on to my Mac using 10.4.11, but I am confused about the installation of a Trusted Root Certificate.

Where do I get this certificate and how do I install it ??

I have heard that using SSL with Entourage is difficult to configure and that HTTP might be a better way to go.

Can someone please help.
0
Comment
Question by:Steveh24
  • 3
  • 3
6 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22614340
HTTP is always easier than SSL (as you need basic web hosting functionality before you can worry about securing it...), but it is not secure, so if you need SSL, then you need SSL.

Many popular commercial CA certs should already be loaded, or you could do so by installing the current version of your software.  If you are looking to manually add a certificate that is not a part of Apple's root certificate program (e.g. for your own root CA), then refer to this article:
http://www.microsoft.com/mac/itpros/default.mspx?clr=99-15-0&srcid=5c028854-8df7-4257-aee0-891eeffb66ac1033&ep=9&target=de839750-4d6a-45c4-80c4-ec4f13e2cfb21033
0
 

Author Comment

by:Steveh24
ID: 22616021
I don't mind what Certificate we use as I'm completely confused by this issue, I just want to be able to install Entourage and connect to our Exchange Server

We do have an SSL Cert we use for our Exchange Servers OWA, could I use this or are you saying that the Mac already has a Root Cert it can use.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22628068
Mac, Windows, etc. already ships with a base Trusted Root Certificate store.  This includes root certs from typically gov't agencies and commercial CA's such as Verisign that a large number of their users would typically come across during normal usage.  In that sense, there is already a root cert it could use (most commercial CA's would already have submitted to be included in this list that gets installed always).  

Doing this would mean you get a new cert for the Entourage box - the name that the cert was issued to must match, so you generally cannot use one cert for multiple differently named machines.  If this is a cluster you could issue to the alias and then use that for each box that responds to that DNS alias.  There are also wildcard certs for your whole domain (*.yourdomain.com), but they are spendy.

If you have your own CA installed, you could issue your own cert and install that.  Part of that would require installing your own root CA cert as well as the server cert.  The link from previous message documents that.  You would also want to deploy the root CA cert to your clients so they don't get warnings about trust, this is well documented on how to do this via GPO.  I would imagine there is a script or something that you could push for doing this in Apple or other linux OS - if you want to do that we can look into that.  

If this will be accessible by your users at home (not on their domain box) then you probably want to just go with a commercial CA cert as it would be easier than giving instructions on how to install your CA's root cert in all the different software environments that your home users are bound to use.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:Steveh24
ID: 22633720
I'm still struggling to get my head around this whole scenario and the user is thinking it might be easier to put her Mac in ther nearest Wheelybin and get a Laptop with XP and use Outlook.

Would I be correct in thinking that in order to send & receive Email that the Mac will have to be connected to the company VPN in order to access the Exchange, if this is the case do they actually need a certificate as the VPN is secure.
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 125 total points
ID: 22650693
There are a few common ways to check email..  if you want to do it directly (i.e. downloading it into your email client) then you need to be on the LAN - if you are not on the LAN then you need to VPN to become connected to the LAN.

VPN is VPN - they all have an authentication method, usually a few different types.  This could be as simple as a username/password, which is not very secure, but tends to have some second factor added such as those RSA key fobs that change a temp code every minute or so as the 'secure' part of the authentication.  There could be certs involved, which once set up tends to be a little bit easier, but would require setup on whatever machine they are using to connect with.

Alternatively, instead of VPN you could use a web access to your email, such as OWA (outlook web access) - this requires its own setup on the server end, but is accessible by just popping the URL into your browser.  You can't download the emails automatically, but you can still download attachments and such manually.  This can be set up with just normal domain\username and password credentials, or also use certs, security fobs, etc.
0
 

Author Comment

by:Steveh24
ID: 22702784
Having read several articles on Forums it would appear that few people have managed to get Entourage working properly and in the end we used Outlook in Windows Emulation mode and connected as an Exchange Client straight away which begs the question "Why were Macs invented".

OWA was always an option, but you are dependant on the Internet to access your Emails and even though she still needs the Internet to connect to the Exchange, at least once they are downloaded they are there to view at all times.

Thanks for trying to solve my problem and even though you were unable to do so, I will still give you the points for trying, although I have come to the conclusion that Mac OS and Windows can't exist together.


0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

We were having a lot of "Heartbeat Alerts" in our SCOM environment, now "Heartbeat" in a SCOM environment for those of you who might not be familiar with SCOM is a packet of data sent from the agent to the management server on a regular basis, basic…
The System Center Operations Manager 2012, known as SCOM, is a part of the Microsoft system center product that provides the user with infrastructure monitoring and application performance monitoring. SCOM monitors:   Windows or UNIX/LinuxNetwo…
The viewer will learn how to simulate a series of coin tosses with the rand() function and learn how to make these “tosses” depend on a predetermined probability. Flipping Coins in Excel: Enter =RAND() into cell A2: Recalculate the random variable…
The viewer will learn how to use a discrete random variable to simulate the return on an investment over a period of years, create a Monte Carlo simulation using the discrete random variable, and create a graph to represent the possible returns over…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now