Certificate issue

[Zylantex]

Of late I am getting a warning every time that outlook checks my email.

 

The server that you are connected to is using a certificate that cannot be verified. The target principal name is incorrect.

 

If I choose to view the cerificate I see the following:

 

All the intended purposes of this certificate could not be verified.

Issued to: hermes.supportdns.com

Issued by RapidSSl CA

Valid from 02/08/2011 to 5/8/2013

 

Then I must click "Yes" to continue to use this server.

If I click No" I get no emails and have to do a send and receive all over again and click "Yes".

I'm sure this must be affecting other people too.

 

I realise this is probably just a technical fault that doesn't really mean much but I have to respond every time I check my email and it's getting tedious.

[Michael D.]

What version of Outlook are you using? Hermes has a valid RapidSSL certificate.

[Zylantex]

MS Outlook 2007 (12.0.4518.1014)

 

I'm still getting the message intermittantly. I am puzzled as to why it doesn't come up on every send and receive cycle but for some reason it only pops up the warning every now and then. The only thing I can think of is that whatever site Outlook checks the cert on is not always contactable, other than that I've got no other ideas.

[Zylantex]

Here's what I see

 

http://bzplay.com/images/mailcert.png

[Michael D.]

Yeah, Outlook 2007 is 5 years old and likely simply doesn't support the newer RapidSSL certificate chains. There isn't anything we can do on our end to "fix" this for you short of advising that you upgrade to a newer version of Outlook or perhaps give Thunderbird a try.

[fshagan]

This problem started cropping up in 2008, right after Outlook 2007 was released. We ran it at one of the companies I worked at, and there was a solution. I just can't recall what it was now; it is "client based" as Mike said.

 

It might be the top answer at this link:

 

justhost is a hosting service provider and if you/your company host your mail services on their non-dedicated servers, this umbrella wildcard certificate will be used to secure the connection.

 

There's a limitation in SSL/TLS that the host name the client is connecting to is not revealed to the server until a secure socket has been established. This means the server must blindly supply a default certificate which is the "*.justhost.com" you saw.

 

Thus if you access the mail server through your company's alias domain, e.g. mail.company.com, a certificate subject mismatch will occur. You could use the following steps to find the correct domain to use:

 

ping your mail server to get its IP address

Use nslookup or whois to get the host name of the server. The host name should end with "justhost.com", which is covered by the wildcard certificate.

Replace the POP/IMAP server and SMTP server address with the host name in Outlook

 

I'm not sure that was the solution. If I think of it, I'll post it here (what has happened to my memory? I forget when I lost it!)

[Zylantex]

Thanks for the responses guys.

 

Fair enough, I accept that my software is getting on a bit and I should probably update it. More money down the tubes to to get what I already have!

 

Nevertheless it has only happened in the last couple of weeks, perhaps only since Jan 1st, so I thought it was a change at the server end. I collect email from 18 email addresses spread across the US, Canada and France. None of them give me this error, just some, not all, of my MDD mail and even at that not every time. So I'm a bit puzzled by the inconsistancy.

[Michael D.]

The same certificate is used no matter the email client/server/etc. http://www.rapidssl.com/