Leopard update breaks Entourage support for Exchange SSL root certificates

Apple released Mac OS X 10.5 (Leopard) a week ago and for the most part Entourage 2004 is “very compatible” according to There’s a new cat in town on Microsoft’s Mac Mojo blog. However, they also acknowledge that they discovered some code in their Leopard testing and will be releasing an update “shortly”.

Most of the Entourage trouble reports that I’ve read in the Apple and Microsoft online forums are anecdotal but one Exchange bug seems to be validating.

This bug affects users in an Exchange environment where users must import an SSL server root certificate into their Mac OS X keychain. The error reported by Entourage is that the root certificate is not correct. A valid certificate appears in the Keychain Access utility as trusted and unexpired.

Whereas Mac OS X 10.4 users could acquire the server certificate and import it into their x509Anchors, Mac OS X 10.5 users can now import the certificates into the user’s login keychain and the system will trust it. Entourage, however, is not trusting the server.
Although Apple released the Login & Keychain Update 1.0 the day after Leopard’s release, it does not address the certificate issue.

Share this:
  • Twitter
  • Facebook
  • del.icio.us
  • Digg
  • StumbleUpon
  • Google Bookmarks
  • PDF
  • Print

11 comments to Leopard update breaks Entourage support for Exchange SSL root certificates

  • We use Small Business Server 2003 Premium and I just imported the cert key into the login keychain and Entourage is connecting without a hitch. No more pesky pop-ups.
    I did have the keychain update installed before i tried this.

  • FOLLOWUP:
    Importing the certificate into the Login keychain may have worked for Dave but it didn’t work for me.
    However, in the Mac Rumors forum a poster who goes by the name nix.hanno provided a solution that does work for me. His reasoning is that although the X509Anchors have been “obsoleted” in Leopard this is still where Entourage 2004 is looking for root certificates. Using the command line tool “certtool” still allows the root certificate to be imported into the X509Anchors.
    nix.hanno’s comments seem reasonable but then that means Microsoft must release an update for Entourage 2004 to compensate for the new root certificate locations.

  • Edmond Wright

    I am just about to purchase one of the latest Macs installed with Leopard. What must I do to ensure that all my Entourage emails and address book details are safely transferred from the old Mac (a PowerBook G4, installed with Tiger). The shopkeeper has warned that there are problems, but did not specify them.

  • Hi Edmond!
    The most important thing to know is where your data gets stored. You want to locate the folder “~/Documents/Microsoft User Data” where ” ~ ” is your home folder. Transfer that folder to the same place in your new home folder on your new Mac.
    The Office Test Drive will most likely come pre-installed on your new Mac. Delete it immediately. Do no launch it. Then install your license for Office 2004 and apply all updates starting with the 11.3.5 combo updater.
    If you have any further questions or issues be sure to visit us and many others in the Microsoft newsgroup at http://groups.google.com/group/microsoft.public.mac.office.entourage.
    Good luck with with your migration and enjoy your new Mac!
    Thanks for posting.

  • Frank Dutkiewicz

    I tried these steps, but entourage is still giving the same error. Made sure to convert the certificate as well. I’m at a loss.

  • Hi Frank!
    Specifically, which steps did you try? Did you see my FOLLOWUP comment on this page? Keep in mind this applies to Entourage 2004 running on Leopard.

  • Jesse

    After upgrading, if you’re having this issue, try this.
    Open keychain access, see if you have X509Anchors listed on the left under keychains.
    If yes, you’re on your own.
    If no, add it!
    -Click edit, keychain list. Click the plus sign, navigate to /System/Library/Keychains, select x509anchors
    -Re-import the SSL certificate.

  • Tom H.

    to jesse:
    thank you very much for sharing this solution.
    it works for me very well.
    kr,
    tom

  • graeme dennis

    >>> -Re-import the SSL certificate
    How is this done in Leopard?
    I have added X509Anchors to the keychain list.
    Thank you very much!!!!!

  • Klaus Matzka

    Jesse,
    this did it for me! Thanks a lot.
    Klaus.
    ——————–
    After upgrading, if you’re having this issue, try this.
    Open keychain access, see if you have X509Anchors listed on the left under keychains.
    If yes, you’re on your own.
    If no, add it!
    -Click edit, keychain list. Click the plus sign, navigate to /System/Library/Keychains, select x509anchors
    -Re-import the SSL certificate.
    ——————–

  • Rafael Montserrat

    Hi,
    I remember a few weeks ago receiving an email I didn’t understand, but I think it said something about ‘certificate’, and inferred that I wasn’t protected in some way and that i should add something. It flashed (? appeared unannounced) a couple more time. Then I had a restart problem with a loss of email, and I don’t have it and can’t find it. I think it has something to do with what you are talking about above.
    iBook G4
    OS 10.4.11
    Entourage 11.4.0
    Perhaps my question about what to do is answered above, if so, would you please direct me to the right information. I’m lucky to find this site. Thanks,
    Rafael