Cannot verify sender's digital signatures when the sender's intermediate CA digital certificates provide authority information access through LDAP or HTTP and the recipient's Exchange server is behind a firewall
Topic Last Modified: 2005-05-19
This issue is similar to the previous issue where intermediate digital certificates do not provide authority information access information. But in this situation, authority information access information is provided but the digital certificates for the intermediate CAs are available only though Lightweight Directory Access Protocol (LDAP) or HTTP, and the recipient's Exchange server is behind a firewall.
By default, when behind a firewall, the Exchange server cannot successfully make LDAP or HTTP connections to the servers specified in the certificates' authority information access. As a consequence, the Exchange server cannot successfully validate the full certificate chain.
If a recipient views a message signed using a certificate that provides access to the digital certificates of the intermediate CAs specified in authority information access through LDAP or HTTP, and the recipient's Exchange server is behind a firewall and cannot connect through the firewall over the protocol specified in authority information access, Outlook Web Access displays the following error message:
The digital ID was issued by an untrusted source.
To resolve this issue, do either of the following:
Import the digital certificates for the sender's intermediate CAs into the Intermediate Certification Authorities folder in the Local Computer certificate store of the recipient's Exchange server.
Install and configure a firewall client for the appropriate protocols on the recipient's Exchange server.
|If the recipient's Exchange server is running Windows Server 2003, you do not need to install a separate firewall client. Windows Server 2003 has built-in firewall client capabilities that you can configure using ProxyCFG.exe. For more information about ProxyCFG.exe, see Windows Server 2003 Help.|