SSL "Internet Security Warning"

[Aesculaepius]

The new version of Outlook tells me (every time I start it) that the SSL
connection to my university's email server has a certificate that cannot be
verified. "The target principle name is incorrect." I have to use SSL to
connect, and I have to say "yes, it's okay to talk to this sever" every time
Outlook starts. I appreciate what it's trying to tell me, but there's no
option I can find that says "yes, don't ask me this question again." Anyone
know if there's a way around this?

 

[Diane Poremsky [MVP]]

New version = outlook 2007? if so, it's a bug in the beta and you'll have
to tolerate it for now.

 

[Patrick Schmid]

It's not a bug in the beta, this message is on purpose (and it is on
purpose that there is no never show this again checkbox).
When you see this message, there is an View Certificate button. This
will show you the certificate. In that dialog, you can figure out why
there is an issue with the certificate. For example, you could see that
it has expired. It could also be the case that you don't have any of the
signatories of the SSL in your trusted issuers list on your computer.
The dialog should tell you why the certificate is wrong (you might have
to look through all the tabs though). Once you know the reason, you can
go about fixing it.
In the easiest case, the certificate is not signed at all (which I doubt
would be the case for your university) and you'd have to install it in
your local Windows certificate store. It could be the case that you
don't trust any of the signatories, which means that you might have to
get the CA certificate from your university and add that to your trusted
list.
If anything is wrong with the certificate itself, then your university
needs to fix it.
The message is purposeful and it is a security measure. Outlook requires
you to solve the underlying security issue instead of giving you a don't
show again checkbox.
I'd suggest that you take a look at the certificate, and see if you
can't determine the problem. If you can, post again here and I can try
to help you resolve that particular issue. If you are not sure what is
wrong with the certificate, I would suggest to contact the help desk of
your university's IT and get their help.

Patrick Schmid

 

[Aesculaepius]

I suspect the problem lies in the certificate information, too. It says,
"certificate issued for the following reasons:" and then there's a bullet
with no text at all.

It is issued to *.email.domain.edu and my account is username.email.umn.edu
for the server.

It is issued by "Server Server Certificate Authority" (Verisign) and is
valid until 12/15/06.

I had already viewed the certificate and I can't see anything wrong, but I'm
not an expert in certificates, so any help is appreciated.

~Aesc

 

[Patrick Schmid]

VeriSign is a valid signing authority which your computer should trust
automatically. It doesn't seem like there is anything you can do on your
side about it.
You should contact your university's IT and complain that they have an
SSL certificate that produces an error. If they aren't happy that you
are using beta software, get Thunderbird and try to see if you get an
error message there (Thunderbird has an almost similar dialog as Outlook
with the exception that it has a never show again feature).
What surprises me is that the certificate is issued for domain.edu, but
your correct domain is umn.edu. I don't know much about the error
message Outlook showed, but "target principle name wrong" sounds like
that could be what is meant.


Patrick Schmid