Problems with Thawte Freemail certificates

We have problems with digital certificates from Thawte (Personal Freemail Digital IDs) in combination with Outlook Web Access:

Because the Thawte certificates don't have a CRL Distribution Point (CDP) defined on each certificate (only at the intermediate issuing CA), users get the error message, that the certificates cannot be verified. This is only a problem with Outlook Web Access. With the full Outlook client there is no problem at all.

Does anybody have a solution/workaround for that issue?

Thanks,
Volker :-)
kurthvAsked:
Who is Participating?
 
ParanormasticConnect With a Mentor Cryptographic EngineerCommented:
0
 
ParanormasticCryptographic EngineerCommented:
Here's an article describing a nice OWA admin tool:
http://www.msexchange.org/tutorials/Outlook-Web-Access-Web-based-Administration.html
Look under S/MIME for 'Disable CRL Checking" - if that doesn't work I don't know what would besides getting certs that have a CDP declared (e.g. a paid email cert).  I'm guessing that since these are no assurance certs, there is no real need to revoke them, so they don't bother.
0
 
kurthvAuthor Commented:
Do you know, if there is an OWA admin tool for Exchange 2007?
Or maybe another way to "Disable CRL Checking"?

wrt CDP: Thawte Personal Freemail certificates have a CDP declared.
Not on the certificates themselves, but on the Intermediate Issuing CA.
0
 
ParanormasticCryptographic EngineerCommented:
I'm just checking in on old posts today... Are you still having this issue?  If so, please let me know so I can help some more, if not, please close accordingly..
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.