Friday, February 12, 2010

How to troubleshoot Outlook and certificate problems

Over the past few days I had to troubleshoot a problem with an SSL certificate and Outlook. I didn’t find any useful information on the net to help me, so I thought I would share one little tip that helped me solve my problem.

First, my problem:

We have a SharePoint site configured with HTTPS. Everything works fine in Internet Explorer, but when we try to connect a calendar or a document library in Outlook, it won’t sync. If I replace my normal SSL certificate (on the web site) with a self-signed one, it works like a charm, so I suspected a certificate problem.

What was bugging me is that Outlook never showed any error dialog. There was nothing in the system event log either, and no way to get any kind of trace or log of what was happening from Outlook.

Here’s my tip:

Outlook uses the Microsoft Cryptography application programming interface (CAPI), or simply put, the Crypto API.

Starting with Windows Vista, the Crypto API has an operational event log. You just have to enable it to see what’s really happening.

  • Open the Event Viewer
  • Look for CAPI2 under Applications and Services Logs > Microsoft > Windows
  • Right-click on “Operational” and select “Enable Log”


From the log you may be able to spot the problem with your certificate. It worked for me: I was able to see that it was trying to reach a non-existent server to get the certificate revocation list (CRL).

Don’t forget to disable the CAPI2 operational log when you’re done with the debugging.
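The same enable, inspect and disable cycle can be scripted. This is an added example, not part of the original tip; it assumes an elevated PowerShell prompt on the client where Outlook fails, and it pulls any URLs (such as a CRL distribution point) out of the error events so an unreachable server stands out.

```powershell
# Added example: enable the CAPI2 operational log, reproduce the failure,
# list the errors logged meanwhile, then disable the log again.
$log = 'Microsoft-Windows-CAPI2/Operational'

# Same effect as "Enable Log" in Event Viewer.
wevtutil.exe sl $log /e:true
$start = Get-Date

try {
    Read-Host 'Reproduce the sync failure in Outlook, then press Enter'

    # Level 2 = Error. Get-WinEvent raises an error when nothing matches,
    # so suppress it and test for an empty result instead.
    $filter = @{ LogName = $log; Level = 2; StartTime = $start }
    $errors = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

    if (-not $errors) {
        Write-Host 'No CAPI2 errors were logged during the reproduction.'
    }
    else {
        foreach ($e in $errors) {
            # The useful detail sits in the event XML. Extract every URL it
            # mentions; CRL distribution points can be http(s) or ldap.
            $urls = [regex]::Matches($e.ToXml(), '(?:https?|ldap)://[^\s"<>]+') |
                ForEach-Object { $_.Value } |
                Sort-Object -Unique

            [pscustomobject]@{
                Time = $e.TimeCreated
                Id   = $e.Id
                Task = $e.TaskDisplayName
                Urls = $urls -join '; '
            }
        }
    }
}
finally {
    # Always turn the log off again, even if the script is interrupted.
    wevtutil.exe sl $log /e:false
}
```

Any URL listed against an error event can then be checked for reachability from the same client.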

Hope this helps someone else.