Hey guys,

We have to use the same certificate for our email domain that was
issued to our primary domain. As you can imagine, Outlook 2003 (and
every other mail client in existence) does not like this. But, as far
as I can determine, Outlook does not provide us with a way to accept
this permanently.

I have installed the certificate as trusted. I have added the domain
to the Trusted Sites in the security tab, then lowered the security
for Trusted Sites down to next to nonexistent.

I know there is a workaround using your hosts file, but we cannot
change the incoming and outgoing servers inside of Outlook.

Given that we cannot change the incoming and outgoing servers inside
of Outlook and that we cannot make the necessary updates to the
certificate on the server side, is there anyway to have Outlook
permanently accept the mismatch? Or have it ignore it completely?

Can we maybe use cross-certificates? Modify a registry entry?

Thanks in advance for your assistance,

Sid Taylor

No such thing exists. Outlook is going to enforce that whatever is used for
the server name matches the subject (or subject alternate name) on the
certficate in question. With that said, can you create an alias (CNAME) in
DNS where everything lines up correctly with the SSL certificate?


wrote in message
...
Hey guys,

We have to use the same certificate for our email domain that was
issued to our primary domain. As you can imagine, Outlook 2003 (and
every other mail client in existence) does not like this. But, as far
as I can determine, Outlook does not provide us with a way to accept
this permanently.

I have installed the certificate as trusted. I have added the domain
to the Trusted Sites in the security tab, then lowered the security
for Trusted Sites down to next to nonexistent.

I know there is a workaround using your hosts file, but we cannot
change the incoming and outgoing servers inside of Outlook.

Given that we cannot change the incoming and outgoing servers inside
of Outlook and that we cannot make the necessary updates to the
certificate on the server side, is there anyway to have Outlook
permanently accept the mismatch? Or have it ignore it completely?

Can we maybe use cross-certificates? Modify a registry entry?

Thanks in advance for your assistance,

Sid Taylor

Unfortunately, we are unable to modify the SSL certificate or the
server settings with Outlook. We can modify nearly every other aspect
of the client machines and the server configuration.

Thanks for responding..

On Mar 18, 5:26 pm, "neo [mvp outlook]"
wrote:
No such thing exists. Outlook is going to enforce that whatever is used for
the server name matches the subject (or subject alternate name) on the
certficate in question. With that said, can you create an alias (CNAME) in
DNS where everything lines up correctly with the SSL certificate?

wrote in message

...

Hey guys,

We have to use the same certificate for our email domain that was
issued to our primary domain. As you can imagine, Outlook 2003 (and
every other mail client in existence) does not like this. But, as far
as I can determine, Outlook does not provide us with a way to accept
this permanently.

I have installed the certificate as trusted. I have added the domain
to the Trusted Sites in the security tab, then lowered the security
for Trusted Sites down to next to nonexistent.

I know there is a workaround using your hosts file, but we cannot
change the incoming and outgoing servers inside of Outlook.

Given that we cannot change the incoming and outgoing servers inside
of Outlook and that we cannot make the necessary updates to the
certificate on the server side, is there anyway to have Outlook
permanently accept the mismatch? Or have it ignore it completely?

Can we maybe use cross-certificates? Modify a registry entry?

Thanks in advance for your assistance,

Sid Taylor

wrote:

Unfortunately, we are unable to modify the SSL certificate or the
server settings with Outlook. We can modify nearly every other aspect
of the client machines and the server configuration.

Neo was suggesting changing neither the certificate nor the mail server. He
was suggesting adding a CNAME record to your DNS server.
--
Brian Tillman [MVP-Outlook]

it makes sense to what he is saying where creating the cname won't help.
either the server names in outlook need to be change or the ssl certificate
needs to be addressed if they wish to secure the connection.

"Brian Tillman" wrote in message
...
wrote:

Unfortunately, we are unable to modify the SSL certificate or the
server settings with Outlook. We can modify nearly every other aspect
of the client machines and the server configuration.

Neo was suggesting changing neither the certificate nor the mail server.
He was suggesting adding a CNAME record to your DNS server.
--
Brian Tillman [MVP-Outlook]