Problems with Thawte Freemail certificates

Posted on 2008-11-12
Last Modified: 2012-05-05
We have problems with digital certificates from Thawte (Personal Freemail Digital IDs) in combination with Outlook Web Access:

Because the Thawte certificates don't have a CRL Distribution Point (CDP) defined on each certificate (only at the intermediate issuing CA), users get the error message, that the certificates cannot be verified. This is only a problem with Outlook Web Access. With the full Outlook client there is no problem at all.

Does anybody have a solution/workaround for that issue?

Volker :-)
Question by:kurthv
    LVL 31

    Expert Comment

    Here's an article describing a nice OWA admin tool:
    Look under S/MIME for 'Disable CRL Checking" - if that doesn't work I don't know what would besides getting certs that have a CDP declared (e.g. a paid email cert).  I'm guessing that since these are no assurance certs, there is no real need to revoke them, so they don't bother.

    Author Comment

    Do you know, if there is an OWA admin tool for Exchange 2007?
    Or maybe another way to "Disable CRL Checking"?

    wrt CDP: Thawte Personal Freemail certificates have a CDP declared.
    Not on the certificates themselves, but on the Intermediate Issuing CA.
    LVL 31

    Accepted Solution

    LVL 31

    Expert Comment

    I'm just checking in on old posts today... Are you still having this issue?  If so, please let me know so I can help some more, if not, please close accordingly..

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    This Micro Tutorial demonstrates  how Internet marketers work with competitive analysis data, and a common task in data preparation is creating separate column for domains. You will then extract from a list of URLs.
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    24 Experts available now in Live!

    Get 1:1 Help Now