Loading ...
Sorry, an error occurred while loading the content.

CA certificate error in outllook

Expand Messages
  • gaby
    Hi I use postfix with TLS optiion.I create certificates in same mod as postfix documentation.It is Ok,postfix is perfect functionaly I import CA certificate
    Message 1 of 6 , Aug 31, 2011
    • 0 Attachment
       
       
      Hi
        I use postfix with TLS optiion.I create certificates in same mod as postfix documentation.It is Ok,postfix is perfect functionaly
      I import CA certificate from PEM format in DER format then was installed in windows as trusted certificate.
       
      When I send email with outlook,or outlook express,is received follow error:
      "The server you are connected to is using a security certificate that could not be verified.
       A certificate that can only be used as an end-entity is being used as a CA or visa versa.
       Do you want to continue using this server?"
      If click yes It function normaly.
       
      What is problem with CA certificate?
       
      Thanks
       

       
    • weber@zackbummfertig.de
      No Problem at all. Seems you are using an self-signed Cert. You can buy cheap domain validated ssl certs by 59€ / year i mean to remember. Then this
      Message 2 of 6 , Aug 31, 2011
      • 0 Attachment
        No Problem at all.
        Seems you are using an "self-signed" Cert.
        You can buy cheap domain validated ssl certs by 59€ / year i mean to
        remember.
        Then this message wont show up.
        Or you Accept the Cert in the mailclient , then this message also is
        not shown.
        In thunderbird you can do this, dunno how to do in Outlook Express and
        Outlook.

        marko




        On Wed, 31 Aug 2011 16:34:08 +0300, "gaby" <gaby@...>
        wrote:
        > Hi
        > I use postfix with TLS optiion.I create certificates in same mod as
        > postfix documentation.It is Ok,postfix is perfect functionaly
        > I import CA certificate from PEM format in DER format then was
        > installed in windows as trusted certificate.
        >
        > When I send email with outlook,or outlook express,is received follow
        > error:
        > "The server you are connected to is using a security certificate that
        > could not be verified.
        > A certificate that can only be used as an end-entity is being used
        > as
        > a CA or visa versa.
        > Do you want to continue using this server?"
        > If click yes It function normaly.
        >
        > What is problem with CA certificate?
        >
        > Thanks
      • Tobias Hachmer
        ... Which certification store you exactly use? In windows 7 it is called Trusted Root Certification Authorities . Verify to store it in the current user
        Message 3 of 6 , Aug 31, 2011
        • 0 Attachment
          On Wed, 31 Aug 2011 16:34:08 +0300, gaby wrote:

          > I use postfix with TLS optiion.I create certificates in same mod as
          > postfix documentation.It is Ok,postfix is perfect functionaly
          > I import CA certificate from PEM format in DER format then was
          > installed
          > in
          > wihttps://www.hachmer.de/?_task=mail&_id=3540788874e5e6600794b1&_action=compose#ndows
          > as trusted certificate.

          Which certification store you exactly use? In windows 7 it is called
          "Trusted Root Certification Authorities".
          Verify to store it in the current user account store as well as in the
          computer account store.

          > When I send email with outlook,or outlook express,is received follow
          > error:
          > "The server you are connected to is using a security certificate that
          > could not be verified.
          > A certificate that can only be used as an end-entity is being used as
          > a
          > CA or visa versa.
          > Do you want to continue using this server?"
          > If click yes It function normaly.

          > What is problem with CA certificate?

          Maybe you configured postfix to use the CA certificate? You should use
          a server certificate signed by your own created CA.
          Key usage must contain "server authentication" - oid 1.3.6.1.5.5.7.3.1
          (http://www.oid-info.com/get/1.3.6.1.5.5.7.3.1) and may contain if
          you're going to use ist "client authentication" - oid 1.3.6.1.5.5.7.3.2
          (http://www.oid-info.com/get/1.3.6.1.5.5.7.3.2).

          Greetz, Tobias
        • gaby
          Use Win Xp Sp3,outllok express,the CA certificate is stored in trusted Root Certification Authorities and it is imported with success. In the other device
          Message 4 of 6 , Aug 31, 2011
          • 0 Attachment
            
            Use Win Xp Sp3,outllok express,the CA certificate is stored in trusted Root Certification Authorities and it is imported with success.
             In the other device (Nokia Phone) answer about CA certificate is only once,then phone email is normal functionaly,without any answer.
            ----- Original Message -----
            Sent: Wednesday, August 31, 2011 8:00 PM
            Subject: Re: CA certificate error in outllook

            On Wed, 31 Aug 2011 16:34:08 +0300, gaby wrote:

            > I use postfix with TLS optiion.I create certificates in same mod as
            > postfix documentation.It is Ok,postfix is perfect functionaly
            > I import CA certificate from PEM format in DER format then was
            > installed
            > in
            > wihttps://www.hachmer.de/?_task=mail&_id=3540788874e5e6600794b1&_action=compose#ndows
            > as trusted certificate.

            Which certification store you exactly use? In windows 7 it is called
            "Trusted Root Certification Authorities".
            Verify to store it in the current user account store as well as in the
            computer account store.

            > When I send email with outlook,or outlook express,is received follow
            > error:
            > "The server you are connected to is using a security certificate that
            > could not be verified.
            > A certificate that can only be used as an end-entity is being used as
            > a
            > CA or visa versa.
            > Do you want to continue using this server?"
            > If click yes It function normaly.

            > What is problem with CA certificate?

            Maybe you configured postfix to use the CA certificate? You should use
            a server certificate signed by your own created CA.
            Key usage must contain "server authentication" - oid 1.3.6.1.5.5.7.3.1
            (http://www.oid-info.com/get/1.3.6.1.5.5.7.3.1) and may contain if
            you're going to use ist "client authentication" - oid 1.3.6.1.5.5.7.3.2
            (http://www.oid-info.com/get/1.3.6.1.5.5.7.3.2).

            Greetz, Tobias
          • Tobias Hachmer
            ... Well, for better troubleshooting please post postconf -n , your main.cf and your CA Certificate as well as your Server Certificate. Tobias
            Message 5 of 6 , Aug 31, 2011
            • 0 Attachment
              On Wed, 31 Aug 2011 20:23:26 +0300, gaby wrote:
              > Use Win Xp Sp3,outllok express,the CA certificate is stored in
              > trusted
              > Root Certification Authorities and it is imported with success.
              > In the other device (Nokia Phone) answer about CA certificate is only
              > once,then phone email is normal functionaly,without any answer.

              Well, for better troubleshooting please post 'postconf -n', your
              main.cf and your CA Certificate as well as your Server Certificate.

              Tobias
            • Jerry
              On Wed, 31 Aug 2011 22:21:39 +0200 ... Why post the main.cf file? He would be better served reading the documentation under:
              Message 6 of 6 , Aug 31, 2011
              • 0 Attachment
                On Wed, 31 Aug 2011 22:21:39 +0200
                Tobias Hachmer articulated:

                > On Wed, 31 Aug 2011 20:23:26 +0300, gaby wrote:
                > > Use Win Xp Sp3,outllok express,the CA certificate is stored in
                > > trusted
                > > Root Certification Authorities and it is imported with success.
                > > In the other device (Nokia Phone) answer about CA certificate is
                > > only once,then phone email is normal functionaly,without any answer.
                >
                > Well, for better troubleshooting please post 'postconf -n', your
                > main.cf and your CA Certificate as well as your Server Certificate.

                Why post the main.cf file? He would be better served reading the
                documentation under: <http://www.postfix.com/DEBUG_README.html>.

                "Reporting problems to postfix-users@..."

                Output from "postconf -n". Please do not send your main.cf file, or
                500+ lines of postconf output.

                Better, provide output from the postfinger tool. This can be found at
                http://ftp.wl0.org/SOURCES/postfinger.

                If the problem is SASL related, consider including the output from the
                saslfinger tool. This can be found at
                http://postfix.state-of-mind.de/patrick.koetter/saslfinger/.

                --
                Jerry ✌
                postfix-user@...
                _____________________________________________________________________
                TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
                TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html

                The best laid plans of mice and men are held up in the legal department.
              Your message has been successfully submitted and would be delivered to recipients shortly.