Outlook Banter

Outlook Banter (http://www.outlookbanter.com/)
-   Outlook - General Queries (http://www.outlookbanter.com/outlook-general-queries/)
-   -   SSL Certificate Domain Mismatch (http://www.outlookbanter.com/outlook-general-queries/68805-ssl-certificate-domain-mismatch.html)

[email protected] March 18th 08 03:08 PM
SSL Certificate Domain Mismatch
 
Hey guys,

We have to use the same certificate for our email domain that was
issued to our primary domain. As you can imagine, Outlook 2003 (and
every other mail client in existence) does not like this. But, as far
as I can determine, Outlook does not provide us with a way to accept
this permanently.

I have installed the certificate as trusted. I have added the domain
to the Trusted Sites in the security tab, then lowered the security
for Trusted Sites down to next to nonexistent.

I know there is a workaround using your hosts file, but we cannot
change the incoming and outgoing servers inside of Outlook.

Given that we cannot change the incoming and outgoing servers inside
of Outlook and that we cannot make the necessary updates to the
certificate on the server side, is there anyway to have Outlook
permanently accept the mismatch? Or have it ignore it completely?

Can we maybe use cross-certificates? Modify a registry entry?

Thanks in advance for your assistance,

Sid Taylor

neo [mvp outlook] March 18th 08 10:26 PM
SSL Certificate Domain Mismatch
 
No such thing exists. Outlook is going to enforce that whatever is used for
the server name matches the subject (or subject alternate name) on the
certficate in question. With that said, can you create an alias (CNAME) in
DNS where everything lines up correctly with the SSL certificate?


wrote in message
...
Hey guys,

We have to use the same certificate for our email domain that was
issued to our primary domain. As you can imagine, Outlook 2003 (and
every other mail client in existence) does not like this. But, as far
as I can determine, Outlook does not provide us with a way to accept
this permanently.

I have installed the certificate as trusted. I have added the domain
to the Trusted Sites in the security tab, then lowered the security
for Trusted Sites down to next to nonexistent.

I know there is a workaround using your hosts file, but we cannot
change the incoming and outgoing servers inside of Outlook.

Given that we cannot change the incoming and outgoing servers inside
of Outlook and that we cannot make the necessary updates to the
certificate on the server side, is there anyway to have Outlook
permanently accept the mismatch? Or have it ignore it completely?

Can we maybe use cross-certificates? Modify a registry entry?

Thanks in advance for your assistance,

Sid Taylor



[email protected] March 19th 08 03:42 AM
SSL Certificate Domain Mismatch
 
Unfortunately, we are unable to modify the SSL certificate or the
server settings with Outlook. We can modify nearly every other aspect
of the client machines and the server configuration.

Thanks for responding..

On Mar 18, 5:26 pm, "neo [mvp outlook]"
wrote:
No such thing exists. Outlook is going to enforce that whatever is used for
the server name matches the subject (or subject alternate name) on the
certficate in question. With that said, can you create an alias (CNAME) in
DNS where everything lines up correctly with the SSL certificate?

wrote in message

...

Hey guys,

We have to use the same certificate for our email domain that was
issued to our primary domain. As you can imagine, Outlook 2003 (and
every other mail client in existence) does not like this. But, as far
as I can determine, Outlook does not provide us with a way to accept
this permanently.

I have installed the certificate as trusted. I have added the domain
to the Trusted Sites in the security tab, then lowered the security
for Trusted Sites down to next to nonexistent.

I know there is a workaround using your hosts file, but we cannot
change the incoming and outgoing servers inside of Outlook.

Given that we cannot change the incoming and outgoing servers inside
of Outlook and that we cannot make the necessary updates to the
certificate on the server side, is there anyway to have Outlook
permanently accept the mismatch? Or have it ignore it completely?

Can we maybe use cross-certificates? Modify a registry entry?

Thanks in advance for your assistance,

Sid Taylor

Brian Tillman March 19th 08 11:39 AM
SSL Certificate Domain Mismatch
 
wrote:

Unfortunately, we are unable to modify the SSL certificate or the
server settings with Outlook. We can modify nearly every other aspect
of the client machines and the server configuration.

Neo was suggesting changing neither the certificate nor the mail server. He
was suggesting adding a CNAME record to your DNS server.
--
Brian Tillman [MVP-Outlook]


neo [mvp outlook] March 19th 08 12:37 PM
SSL Certificate Domain Mismatch
 
it makes sense to what he is saying where creating the cname won't help.
either the server names in outlook need to be change or the ssl certificate
needs to be addressed if they wish to secure the connection.

"Brian Tillman" wrote in message
...
wrote:

Unfortunately, we are unable to modify the SSL certificate or the
server settings with Outlook. We can modify nearly every other aspect
of the client machines and the server configuration.

Neo was suggesting changing neither the certificate nor the mail server.
He was suggesting adding a CNAME record to your DNS server.
--
Brian Tillman [MVP-Outlook]




All times are GMT +1. The time now is 11:25 AM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
Search Engine Friendly URLs by vBSEO 2.4.0
Copyright ©2004-2006 OutlookBanter.com