I have been looking at the traffic with tcpdump, and finally I have a
tentative answer for the problem (I will know for sure once DNS
records propagate), at least in my particular case. My service,
mail2web, specifies in the setup instructions that you must add an MX
record for your domain (say ex7.domain.com) pointing to their server's
IP, and also add a CNAME for autodiscover.domain.com.
It seems that Entourage is trying to connect to all these domains:
ex7.mail2web.com (https/443)
autodiscover.domain.com (https/443)
domain.com (https/443)
www.domain.com (http/80)
In my case, it's obvious that since autodiscover.domain.com is
pointing to mail2web's IP, the certificate check will fail. Why it is
also checking domain.com and
www.domain.com escapes my understanding,
but it's worth considering by anyone having this problem.
IMHO the best solution for this would be an 'Ignore SSL certificate
errors' setting in preferences, and let users deal with their
scenarios - much better than forcing them to go over unsecured
connections, or face clicking the error message every time they start
Entourage.
Regards,
Mother