?
Solved

Problem Installing Certificate

Posted on 2008-10-01
6
Medium Priority
?
478 Views
Last Modified: 2013-11-24
I am trying to install Entourage 11.2.5 on to my Mac using 10.4.11, but I am confused about the installation of a Trusted Root Certificate.

Where do I get this certificate and how do I install it ??

I have heard that using SSL with Entourage is difficult to configure and that HTTP might be a better way to go.

Can someone please help.
0
Comment
Question by:Steveh24
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22614340
HTTP is always easier than SSL (as you need basic web hosting functionality before you can worry about securing it...), but it is not secure, so if you need SSL, then you need SSL.

Many popular commercial CA certs should already be loaded, or you could do so by installing the current version of your software.  If you are looking to manually add a certificate that is not a part of Apple's root certificate program (e.g. for your own root CA), then refer to this article:
http://www.microsoft.com/mac/itpros/default.mspx?clr=99-15-0&srcid=5c028854-8df7-4257-aee0-891eeffb66ac1033&ep=9&target=de839750-4d6a-45c4-80c4-ec4f13e2cfb21033
0
 

Author Comment

by:Steveh24
ID: 22616021
I don't mind what Certificate we use as I'm completely confused by this issue, I just want to be able to install Entourage and connect to our Exchange Server

We do have an SSL Cert we use for our Exchange Servers OWA, could I use this or are you saying that the Mac already has a Root Cert it can use.
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22628068
Mac, Windows, etc. already ships with a base Trusted Root Certificate store.  This includes root certs from typically gov't agencies and commercial CA's such as Verisign that a large number of their users would typically come across during normal usage.  In that sense, there is already a root cert it could use (most commercial CA's would already have submitted to be included in this list that gets installed always).  

Doing this would mean you get a new cert for the Entourage box - the name that the cert was issued to must match, so you generally cannot use one cert for multiple differently named machines.  If this is a cluster you could issue to the alias and then use that for each box that responds to that DNS alias.  There are also wildcard certs for your whole domain (*.yourdomain.com), but they are spendy.

If you have your own CA installed, you could issue your own cert and install that.  Part of that would require installing your own root CA cert as well as the server cert.  The link from previous message documents that.  You would also want to deploy the root CA cert to your clients so they don't get warnings about trust, this is well documented on how to do this via GPO.  I would imagine there is a script or something that you could push for doing this in Apple or other linux OS - if you want to do that we can look into that.  

If this will be accessible by your users at home (not on their domain box) then you probably want to just go with a commercial CA cert as it would be easier than giving instructions on how to install your CA's root cert in all the different software environments that your home users are bound to use.
0
Get proactive database performance tuning online

At Percona’s web store you can order full Percona Database Performance Audit in minutes. Find out the health of your database, and how to improve it. Pay online with a credit card. Improve your database performance now!

 

Author Comment

by:Steveh24
ID: 22633720
I'm still struggling to get my head around this whole scenario and the user is thinking it might be easier to put her Mac in ther nearest Wheelybin and get a Laptop with XP and use Outlook.

Would I be correct in thinking that in order to send & receive Email that the Mac will have to be connected to the company VPN in order to access the Exchange, if this is the case do they actually need a certificate as the VPN is secure.
0
 
LVL 31

Accepted Solution

by:
Paranormastic earned 375 total points
ID: 22650693
There are a few common ways to check email..  if you want to do it directly (i.e. downloading it into your email client) then you need to be on the LAN - if you are not on the LAN then you need to VPN to become connected to the LAN.

VPN is VPN - they all have an authentication method, usually a few different types.  This could be as simple as a username/password, which is not very secure, but tends to have some second factor added such as those RSA key fobs that change a temp code every minute or so as the 'secure' part of the authentication.  There could be certs involved, which once set up tends to be a little bit easier, but would require setup on whatever machine they are using to connect with.

Alternatively, instead of VPN you could use a web access to your email, such as OWA (outlook web access) - this requires its own setup on the server end, but is accessible by just popping the URL into your browser.  You can't download the emails automatically, but you can still download attachments and such manually.  This can be set up with just normal domain\username and password credentials, or also use certs, security fobs, etc.
0
 

Author Comment

by:Steveh24
ID: 22702784
Having read several articles on Forums it would appear that few people have managed to get Entourage working properly and in the end we used Outlook in Windows Emulation mode and connected as an Exchange Client straight away which begs the question "Why were Macs invented".

OWA was always an option, but you are dependant on the Internet to access your Emails and even though she still needs the Internet to connect to the Exchange, at least once they are downloaded they are there to view at all times.

Thanks for trying to solve my problem and even though you were unable to do so, I will still give you the points for trying, although I have come to the conclusion that Mac OS and Windows can't exist together.


0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: Leon
Software Metering within our group of companies has always been an afterthought until auditing of software and licensing became a pain point. Orchestrator and SCCM metering gave us the answer and it was an exciting process.
In this article we will discuss some EI Capitan Mail app issues and provide some manual process to resolve them.
Viewers will learn the different options available in the Backstage view in Excel 2013.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question