Thursday, November 1, 2012

Adding certificates for Windows 8 Mail

I run my own email server and of course SSL-encrypt both imap and smtp, but have a self-signed certificate, not a certification authority signed certificate. Outlook has no problem with that -- it whines about the certificate, but then gives me a dialog where I can import it. Once I import it, fine. But I don't have Outlook installed on my Windows 8 evaluation for a variety of reasons. So I tried Windows 8 Mail and rather than offer to import the certificates, I got a message that I needed to contact my system administrator to import some certificates. Erm, I *am* my system administrator! Hrm. So...

My email server is running Debian "squeeze" Linux with Exim4 as the smtp server and dovecot as the imap server. The first thing I needed to do was verify on the mail server that there were valid (self-signed) certificates for both exim4 and dovecot. This can be done with:

  • openssl x509 -in some.crt -text -noout

This will give you a bunch of information about the certificate, so you may wish to pipe it to 'less'.

The exim4 certificate was expired so I regenerated it with:

  • /usr/share/doc/exim4-base/examples/exim-gencert --force

So then I located the two certificates:

  • Dovecot - /etc/ssl/certs/dovecot.pem
  • Exim4 - /etc/exim4/exim.crt

I downloaded the two certificates to my Windows 8 system via sftp and renamed the dovecot certificate from dovecot.pem to dovecot.crt. The next thing I did was open the Microsoft Management Console by pressing Windows-R and typing 'mmc'. I then selected Add/Manage Snap-ins, and selected to add the Certificates snap-in.

Next, open up the Certificates tree until you see "Trusted Root Certification Authorities" and open it up to see "Certificates" underneath it. Right-click on Certificates and click "All Tasks" then "Import". Import your two certificates and there you are -- now all your self-signed certificates coming from your email server look as valid as any certificates, and are accepted by Windows 8 Mail just fine.
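The certificate checks above can be scripted and run on the mail server before the files are copied off. This is an added example, not part of the original post: `cert_report` and `make_demo_cert` are hypothetical helper names, `mail.example.test` is a constructed subject, and only standard `openssl x509` / `openssl req` options are used.

```shell
#!/bin/sh
# Added example: pre-import checks for a self-signed mail server certificate.

# cert_report FILE [MIN_DAYS]
# Prints subject, expiry date and fingerprints. Returns:
#   0  certificate parses, is self-signed, valid for at least MIN_DAYS more days
#   1  certificate is expired or expires within MIN_DAYS days (default 30)
#   2  file is not a readable X.509 certificate
#   3  subject and issuer differ (not self-signed)
cert_report() {
    crt=$1
    min_days=${2:-30}

    # Fail early if the file does not parse as a certificate.
    openssl x509 -in "$crt" -noout 2>/dev/null || {
        echo "$crt: not a readable certificate" >&2; return 2; }

    openssl x509 -in "$crt" -noout -subject -enddate
    # SHA-1 is the value Windows displays as "Thumbprint"; SHA-256 is for records.
    openssl x509 -in "$crt" -noout -fingerprint -sha1
    openssl x509 -in "$crt" -noout -fingerprint -sha256

    # A self-signed certificate names itself as its own issuer.
    subject=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer= *//')
    [ "$subject" = "$issuer" ] || { echo "$crt: not self-signed" >&2; return 3; }

    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null || {
        echo "$crt: expires within $min_days days" >&2; return 1; }
}

# make_demo_cert FILE DAYS
# Creates a constructed throwaway self-signed certificate for trying cert_report.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=mail.example.test" \
        -keyout "$1.key" -out "$1" 2>/dev/null
}
```

Run `cert_report /etc/exim4/exim.crt` and `cert_report /etc/ssl/certs/dovecot.pem` on the server, then compare the SHA-1 line with the Thumbprint field in the Windows certificate dialog before placing the file in Trusted Root Certification Authorities.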

So, uhm... why does Microsoft make this so hard? I dunno, they're Microsoft, I guess. But the "ask your system administrator" is just BS, because Windows 8 Mail will *never* be used by anybody who actually has a system administrator other than themselves -- all businesses will be using Outlook Mail as their email client for a number of reasons. Oh well, just another example of how Windows 8 is half-baked and characterized by an utter lack of understanding of, well, actual customers.

-ELG
