Thursday, October 23, 2008

Important certificate note to self

I've been having issues on a server where I was supposed to create a secure channel (TLS) to a remote server for synchronizing the Exchange free/busy information on users. I long suspected it to be certificate related, but I always ended up turning SSL off (thus running unencrypted). I thought I had done it all right when importing the root certificate of the CA into the trusted root, but it never solved my problem.

Thanks to my OCS course, a bright light dawned on me. There could be several reasons why TLS failed. First of all, if you are running the sync service as a service on the server, the certificate must be in the trusted root of the computer, not of the administrator (or other account which you are installing as). Second, if the service is set up to "run as" a separate user, it is a good idea to log on as that particular user and import the certificate as that user. Quite simple when you think about it, but not always intuitive... :P
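
One way to check which store the root CA actually landed in, as an added example that is not part of the original post. The certificate path and the service name `SyncServiceName` are placeholders; `Import-Certificate` and `Get-CimInstance` need a newer PowerShell than shipped in 2008, and the import must run from an elevated prompt.

```powershell
# Added example: find out where the remote server's root CA is trusted,
# and which account the sync service runs as.
param(
    [string]$CaFile      = 'C:\temp\remote-ca-root.cer',  # placeholder path to the exported root CA
    [string]$ServiceName = 'SyncServiceName',             # placeholder service name
    [switch]$Install                                      # add the CA to the computer store
)

# Load the exported CA certificate to get the thumbprint we are looking for.
$ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CaFile

# Look for that thumbprint in the computer store and in the store of the
# account running this script.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$report = foreach ($store in $stores) {
    $hit = Get-ChildItem -Path $store |
        Where-Object { $_.Thumbprint -eq $ca.Thumbprint } |
        Select-Object -First 1
    [pscustomobject]@{
        Store    = $store
        Present  = [bool]$hit
        NotAfter = if ($hit) { $hit.NotAfter } else { $null }
    }
}
$report | Format-Table -AutoSize

# StartName is the account the service logs on as (for example LocalSystem
# or a dedicated "run as" user). That account's view of the trusted roots
# is what matters, not the view of whoever installed the software.
Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'" |
    Select-Object Name, StartName, State

$machine = $report | Where-Object { $_.Store -eq 'Cert:\LocalMachine\Root' }
if (-not $machine.Present) {
    Write-Warning "Root CA $($ca.Thumbprint) is not in the computer's trusted root store."
    if ($Install) {
        # Requires elevation; puts the CA into the computer store.
        Import-Certificate -FilePath $CaFile -CertStoreLocation 'Cert:\LocalMachine\Root'
    }
}
```

If the service runs as a separate user, run the same check while logged on as that user so that `Cert:\CurrentUser\Root` reflects that account's store.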