From: Andrew Diederich (andrewdiedgmail.com)
Date: Wed May 31 2006 - 21:45:21 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 5/31/06, Victor Duchovni <Victor.Duchovnimorganstanley.com> wrote:
> On Wed, May 31, 2006 at 12:55:39PM -0600, Andrew Diederich wrote:
> > It looks like outlook is still not sending the certificate. The cert
> > is identified in the S/MIME settings in outlook, which is as close as
> > I could find to put it.
>
> Well, S/MIME is for email signing, not TLS client authentication. What are
> the X509v3 constraints in the certificate? Does the CAfile.pem actually
> include the certificate of the CA that signed the client certificate?

Right. S/MIME was the closest thing in the UI for Outlook, so I went
with that. Client auth, server auth, signing, encrypting. Yes, it has
the full CA chain.

> > Thanks for the tip on smtpd_tls_CAfile, though as far as I can tell
> > it's still an Outlook issue.
>
> Yes, the Outlook client may not support the feature or may need further
> configuration. To find out which, ask your Microsoft support engineer
> (it may take a few rounds to ensure the question is understood correctly).

I don't have one of those, unfortunately. I couldn't find anything on
the microsoft website saying they didn't support it. Or that they did
support it. So, at this point I'm guessing through trial and error it
doesn't support it, and since no one has jumped in saying they'd made
it work.

--
Andrew Diederich

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]