Monday, April 13, 2009

Exchange Labs MA and Certificate Authentication

Anybody using the Exchange Labs MA may have had a rough time with certificates since the only authentication supported by the MA in R2 was client certificate authentication.

PowerShell is your friend when troubleshooting certificate issues. For example, to verify the existence of the certificate in the correct store you could run this from the PowerShell command line:

Get-ChildItem -path cert:\LocalMachine\Root where {$_.subject -like '*thatschool*'} fl

Output from the command on my computer is:
Subject :,, O=Oxford Computer Group, L=Snohomish, S=WA, C=US
Issuer : CN=Microsoft Secure Server Authority, DC=redmond, DC=corp, DC=microsoft, DC=com
Thumbprint : 49B71EE8925C4028150874C78E8B180E15C75FAD
FriendlyName : Oxford Computer Group
NotBefore : 7/3/2008 7:39:46 AM
NotAfter : 7/3/2009 7:39:46 AM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...}

What does that prove? Well it proves that you've installed the certificate into the correct store so that ELMA can find it. If you still get authentication errors then you've at least ruled this one out.

No comments: