Friday, 18 September 2015

Microsoft: Certificate warning in Outlook 2016 for Mac

<< Symptoms >>
Assume that Microsoft Outlook 2016 for Mac performs an Autodiscover operation. For example, Outlook performs an Autodiscover operation during Outlook start or periodically while Outlook runs. In this scenario, you may receive a warning message that resembles the following:

A secure connection cannot be established with the server <domain.com> because its intermediate or root certificate cannot be found. Do you want to continue?

If you continue, the information that you view and send will be encrypted, but will not be secure.

When you receive this warning message, you can click Continue to accept the warning. However, the warning may reappear the next time that Autodiscover runs.

<< Cause >>
This issue occurs in Outlook 2016 for Mac version 15.9 and later versions when Outlook performs an Autodiscover operation and tries to connect to a service endpoint whose expected name is not present on the server's Secure Sockets Layer (SSL) certificate.

<< Resolution >>
To resolve this issue, use one of the following methods:

Method 1
Reissue a certificate that includes the domain name as the Subject Alternative Name. This enables you to resolve the issue for all Outlook for Mac clients without having to trust the certificate from each client individually.

Method 2
Trust the certificate on the Mac client. This solution enables you to resolve the issue quickly for individual Mac clients without having to reissue the certificate.
1. When you receive the certificate warning message, click Show Certificate.
2. Select the Always trust <https://www.domain.com> when connecting to <domain.com> check box, and then click Continue.

<< More information >>
As an example, consider the domain Contoso.com. This domain has an SSL certificate configured for the domain Wingtiptoys.com. When Outlook 2016 for Mac performs Autodiscover, it uses the domain name part of the user's SMTP address to query DNS. In this example, it tries to connect the URL https://contoso.com/Autodiscover/Autodiscover.xml, and it expects the certificate for the top-level domain Contoso.com. However, Outlook receives the certificate that is named Wingtiptoys.com. The certificate name mismatch causes Outlook to present the warning that is mentioned in the "Symptoms" section.

When you view the details of the certificate by clicking Show Certificate, you see a warning message in the certificate details that states the following:

This certificate is not valid (host name mismatch)

If you receive a certificate warning that resembles this warning but does not contain the phrase "host name mismatch," method 1 in the "Resolution" section may not resolve the issue.

No comments:

Post a Comment