A while ago I reported several problems with accessing an IMAP server with EtX. Somebody brought the following thread to my attention which is at least enlightens the security certificate problem somewhat. I thought I share it with this list.
Hannes I apologize if that cross post is against the netiquette of this list, but I found answers there which I didn�t get here (maybe I just missed it). ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Apparently that message about needing a personal certificate is totally wrong. It doesn't actually need a certificate. I'll ask Tom if he can test this with sendmail, as described below. Check out this thread from deja.com: From: Derek Balling ([EMAIL PROTECTED]) Subject: SSL on SMTP requiring "personal certificate"? Newsgroups: microsoft.public.mac.office.entourage, microsoft.public.office.mac.entourage View this article only Date: 2001-12-22 11:31:43 PST So I got an SSL certificate for the mail server I manage, and was able to configure Entourage to connect to the POP server using SSL just fine. However, if I try to connect using SSL and SMTP-AUTH, I get an error 2995 "Personal Certificate Required"... Obviously I _DON'T_ need a personal certificate, I'm using SASL/SMTP-AUTH to authenticate for relaying, I just want the encryption that SSL provides. Is there any way to convince Entourage to do this? D Message 2 in thread From: Dan Crevier ([EMAIL PROTECTED]) Subject: Re: SSL on SMTP requiring "personal certificate"? Newsgroups: microsoft.public.mac.office.entourage, microsoft.public.office.mac.entourage View this article only Date: 2001-12-22 13:22:44 PST On 12/22/2001 11:29 AM, in article <[EMAIL PROTECTED]>, "Derek Balling" <[EMAIL PROTECTED]> wrote: > So I got an SSL certificate for the mail server I manage, and was able to > configure Entourage to connect to the POP server using SSL just fine. > > However, if I try to connect using SSL and SMTP-AUTH, I get an error 2995 > "Personal Certificate Required"... Obviously I _DON'T_ need a personal > certificate, I'm using SASL/SMTP-AUTH to authenticate for relaying, I just > want the encryption that SSL provides. > > Is there any way to convince Entourage to do this? Entourage doesn't support personal certificates. If your SMTP server is requiring one, you are out of luck. Dan Message 3 in thread From: Derek Balling ([EMAIL PROTECTED]) Subject: Re: SSL on SMTP requiring "personal certificate"? Newsgroups: microsoft.public.mac.office.entourage, microsoft.public.office.mac.entourage View this article only Date: 2001-12-22 14:51:10 PST On 12/22/01 1:18 PM, in article [EMAIL PROTECTED], "Dan Crevier" <[EMAIL PROTECTED]> wrote: > On 12/22/2001 11:29 AM, in article <[EMAIL PROTECTED]>, > "Derek Balling" <[EMAIL PROTECTED]> wrote: > >> So I got an SSL certificate for the mail server I manage, and was able to >> configure Entourage to connect to the POP server using SSL just fine. >> >> However, if I try to connect using SSL and SMTP-AUTH, I get an error 2995 >> "Personal Certificate Required"... Obviously I _DON'T_ need a personal >> certificate, I'm using SASL/SMTP-AUTH to authenticate for relaying, I just >> want the encryption that SSL provides. >> >> Is there any way to convince Entourage to do this? > > Entourage doesn't support personal certificates. If your SMTP server is > requiring one, you are out of luck. No, my server doesn't require personal certs, but somehow entourage THINKS it does. :-/ D Message 4 in thread From: Derek Balling ([EMAIL PROTECTED]) Subject: Re: SSL on SMTP requiring "personal certificate"? Newsgroups: microsoft.public.mac.office.entourage, microsoft.public.office.mac.entourage View this article only Date: 2001-12-25 08:58:37 PST On 12/22/01 1:18 PM, in article [EMAIL PROTECTED], "Dan Crevier" <[EMAIL PROTECTED]> wrote: > On 12/22/2001 11:29 AM, in article <[EMAIL PROTECTED]>, > "Derek Balling" <[EMAIL PROTECTED]> wrote: > >> So I got an SSL certificate for the mail server I manage, and was able to >> configure Entourage to connect to the POP server using SSL just fine. >> >> However, if I try to connect using SSL and SMTP-AUTH, I get an error 2995 >> "Personal Certificate Required"... Obviously I _DON'T_ need a personal >> certificate, I'm using SASL/SMTP-AUTH to authenticate for relaying, I just >> want the encryption that SSL provides. >> >> Is there any way to convince Entourage to do this? > > Entourage doesn't support personal certificates. If your SMTP server is > requiring one, you are out of luck. BTW, I found the problem with this (reporting back for the archives). T he problem is that Entourage is stupidly interpreting an MTA saying "I support client certs, wanna show me one?" as "I need a client cert, show me one!" The problem is worked-around by telling sendmail "don't ask for client certs". In 8.12.x and above, this is done by adding: define(`confTLS_SRV_OPTIONS',`V') to your .mc file. This will disable the ability to relay-based-on-certificates, but I think there's few people doing that, at present. Some day, maybe Microsoft software will interpret internet stuff correctly... :( D Message 5 in thread From: Andrei Tkachuk ([EMAIL PROTECTED]) Subject: Re: SSL on SMTP requiring "personal certificate"? Newsgroups: microsoft.public.mac.office.entourage, microsoft.public.office.mac.entourage View this article only Date: 2002-02-13 22:14:22 PST > support client certs, wanna show me one?" as "I need a client cert, show me > one!" > > The problem is worked-around by telling sendmail "don't ask for client > certs". In 8.12.x and above, this is done by adding: > > define(`confTLS_SRV_OPTIONS',`V') > > to your .mc file. This will disable the ability to > relay-based-on-certificates, but I think there's few people doing that, at > present. > Where exactly you define this? I am not sure I understand. I have problems accessiing SSL mail at work with my mac. All PC can. In fact there is an option in PC explore to download script that will install sertificate. It is just an Url but somehow it makes my PC read SSL email at work (e-mail server is next door, but I can't use it) :( Any suggestions? Please help. in article [EMAIL PROTECTED], Derek Balling at [EMAIL PROTECTED] wrote on 12/25/01 10:55 AM: > On 12/22/01 1:18 PM, in article [EMAIL PROTECTED], "Dan > Crevier" <[EMAIL PROTECTED]> wrote: > >> On 12/22/2001 11:29 AM, in article <[EMAIL PROTECTED]>, >> "Derek Balling" <[EMAIL PROTECTED]> wrote: >> >>> So I got an SSL certificate for the mail server I manage, and was able to >>> configure Entourage to connect to the POP server using SSL just fine. >>> >>> However, if I try to connect using SSL and SMTP-AUTH, I get an error 2995 >>> "Personal Certificate Required"... Obviously I _DON'T_ need a personal >>> certificate, I'm using SASL/SMTP-AUTH to authenticate for relaying, I just >>> want the encryption that SSL provides. >>> >>> Is there any way to convince Entourage to do this? >> >> Entourage doesn't support personal certificates. If your SMTP server is >> requiring one, you are out of luck. > > BTW, I found the problem with this (reporting back for the archives). T > > he problem is that Entourage is stupidly interpreting an MTA saying "I > support client certs, wanna show me one?" as "I need a client cert, show me > one!" > > The problem is worked-around by telling sendmail "don't ask for client > certs". In 8.12.x and above, this is done by adding: > > define(`confTLS_SRV_OPTIONS',`V') > > to your .mc file. This will disable the ability to > relay-based-on-certificates, but I think there's few people doing that, at > present. > > Some day, maybe Microsoft software will interpret internet stuff > correctly... :( > > D > > Post a follow-up to this message Message 6 in thread From: John McGhie [MVP] ([EMAIL PROTECTED]) Subject: Re: SSL on SMTP requiring "personal certificate"? Newsgroups: microsoft.public.mac.office.entourage, microsoft.public.office.mac.entourage View this article only Date: 2002-02-14 23:41:57 PST Hi Andrei: Please look at the message you posted: >> On 12/22/01 1:18 PM, in article [EMAIL PROTECTED], "Dan >> Crevier" <[EMAIL PROTECTED]> wrote: >> >>> Entourage doesn't support personal certificates. If your SMTP server is >>> requiring one, you are out of luck. Dan's the man who designed Entourage. If he says it won't work, it won't work. Sorry! Cheers -- Please post replies to the newsgroup to maintain the thread. John McGhie, Microsoft MVP: Word for Macintosh and Word for Windows Consultant Technical Writer <[EMAIL PROTECTED]> +61 4 1209 1410; Sydney, Australia: GMT + 10 hrs -- To unsubscribe: <mailto:[EMAIL PROTECTED]> archives: <http://www.mail-archive.com/entourage-talk%40lists.letterrip.com/> old-archive: <http://www.mail-archive.com/entourage-talk%40lists.boingo.com/>
