Jump to content
Sign in to follow this  
joshr

Exchange Server Root Certificate

Recommended Posts

I am pretty sure I have reached a dead end but I figured I would ask just in case someone has an idea. I believe, perhaps incorrectly, that in order to get Microsoft messenger working with the corporate network [internal only] and to get entourage 2008 connecting without an error every time that I need a root certificate for the exchange server. I first figured how to find the exchange servers certserv. From there I can download a certificate but it's a user certificate not a root certificate so it doesn't do anything. I got a tip that you could somehow analyze the certificate and figure something out from that so I looked into that and found you need something called certutil that originally came with WindowsNT but was available for XP via a download. I fired up my PC and tried to install it but I don't have administrator access so I can install it. As far as I can tell the only way to get the certificate is to have IT do it from the server. IT refuses to support the mac in anyway so that's a no go. Any other ideas?

 

If there is even a way to read an exchange certificate in OSX that would be at least another avenue I could explore.

Share this post


Link to post
Share on other sites

I don't know specifics of the Exchange server certificates, but I suppose they use standard x.509 certificates as per SSL and other infrastructure? I don't know what decoding them will do for you, but a couple of web sites can decode them on-line:

 

http://www.bogpeople.com/networking/CertDecoder/

 

or

 

http://www.redkestrel.co.uk/cgi/decodeCert2.pl

 

That'll tell you the identifiy of the certificate's issuer, but not the issuer's certificate. You'll still need to find that. (Usually through an LDAP service, though Exchange may have its own mechanism.)

Share this post


Link to post
Share on other sites
I don't know specifics of the Exchange server certificates, but I suppose they use standard x.509 certificates as per SSL and other infrastructure? I don't know what decoding them will do for you, but a couple of web sites can decode them on-line:

 

http://www.bogpeople.com/networking/CertDecoder/

 

or

 

http://www.redkestrel.co.uk/cgi/decodeCert2.pl

 

That'll tell you the identifiy of the certificate's issuer, but not the issuer's certificate. You'll still need to find that. (Usually through an LDAP service, though Exchange may have its own mechanism.)

That was actually quite helpful if I end up going down that route. They do use x509 certificates and in order for messenger to recognize them you have to add the x509 keychain back to keychain. Anyway in the end I don't think there is anything I can do without IT so I put on my man pants and went over their head. I asked the CTO and he was quite receptive. He said he would be willing to let me test it.

Edited by joshr

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×