Apply Certificate for Office365 MailBoxes which is using OAuth Configurations
User can configure O365 in both incoming & outgoing settings in SDP. To Connect mail server from SDP, its certificates should be available in SDP's Keystore.
This document is for users who have applied internal CA Certificate for O365 OAuth Authorisation URL (For Example : https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize). To check this, refer the screenshots below. If the root certificate name for Authorisation url is different from "DigiCert Global Root CA" then internal CA certificate is applied and this document applies to such environments.
Procedure to Apply the Certificate :
- Open the Authorization url (For Example : https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize) in a new tab in a browser.
- Export the Certificate from the Browser.
Follow the below steps to export the certificate in Google Chrome.
- Click on the Lock Symbol in the URL Title Bar.
- Navigate through the dropdown, to view certificate refer the below screenshots.
- In the Certificate Window, Select "Root" Certificate which is first at the Certificate Hierarchy.
- Click on "Export Certificate" to Dowload the selected certificate.
Follow the Below Steps to Export the certificate in Mozilla FireFox.
- Click on the pad lock symbol >> Click on connection >> More Information >> Security >> View Certificate
- In the Certificate window, Select the right most tab, scroll down to Miscellaneous Area and download "PEM (cert)" should be downloaded.
3. Copy the Certificate to the folder <server_home>\jre\lib\security\.
4.Go to <server_home>\jre\bin folder in the command prompt / terminal app. Execute the below command
If you do not have "jssecacerts" file in the <server_home>\jre\lib\security folder, then copy cacerts file to the same folder and rename it to "jssecacerts".
- keytool -import -alias outlook.com -keystore ..\lib\security\jssecacerts -file <full_path_to_the_downloaded_certificate>
5. Provide password as "changeit" when prompted.
6. If the certificate is valid, it will prompt "do you trust this certificate?". Type 'yes' and press enter.
7. Certificate will be added to the keystore.
8. Restart the application service once and check whether you could able to connect to the Mail Server.
New to ADSelfService Plus?