Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

certificate's CN name does not match the passed value

4,697 views
Skip to first unread message

spoon2001

unread,
Dec 20, 2007, 1:51:16 PM12/20/07
to
My friend is getting the following message when starting up OE:

Internet Security Warning
The server you are connected to is using a security certificate that could
not be verified.
The certificate's CN name does not match the passed value.
Do you want to continue using this server?
Yes No

I looked at the security certificates on my own system. In Outlook
Express, I selected Tools - Options - Security - Digital IDs. The
Certificates dialog shows a list certificates under several tabs: Personal,
Other People, Intermediate Certification Authorities, Trusted Root
Certification Authorities, Trusted Publishers, Untrusted Publishers.

On my system, I have well over 100 certificates listed in these tabs! How
do I know which certificate is causing the problem?

Michael Santovec

unread,
Dec 20, 2007, 3:14:55 PM12/20/07
to
The message is not talking about your digital ids.

On his PC he has specified Tools, Accounts, Mail, Properties, Advanced
to use SSL for the POP3 mail server. The certificate that the POP3 mail
server responds with does not match the POP3 server name on the Servers
tab.

This would point to one of several causes:

- He's using an alias or IP address for the POP3 server name
- He's using an anti-virus scanning e-mail or anti-spam program and it
is screwing up the SSL processing
- The mail service has an error in their certificate.

--

Mike - http://pages.prodigy.net/michael_santovec/techhelp.htm


"spoon2001" <inv...@invalid.invalid> wrote in message
news:9ngwy7sl49dn$.1wrauxy3i14zi.dlg@40tude.net...

spoon2001

unread,
Dec 20, 2007, 10:06:15 PM12/20/07
to
On Thu, 20 Dec 2007 12:14:55 -0800, Michael Santovec wrote:

> The message is not talking about your digital ids.
>
> On his PC he has specified Tools, Accounts, Mail, Properties, Advanced
> to use SSL for the POP3 mail server. The certificate that the POP3 mail
> server responds with does not match the POP3 server name on the Servers
> tab.
>
> This would point to one of several causes:
>
> - He's using an alias or IP address for the POP3 server name
> - He's using an anti-virus scanning e-mail or anti-spam program and it
> is screwing up the SSL processing
> - The mail service has an error in their certificate.

Thanks Michael. I had him gave him server names to type in, as well as
SMTP and POP3 port numbers for SSL. Not sure what did the trick, but he
reports the problem is gone.

Michael Santovec

unread,
Dec 21, 2007, 8:32:23 PM12/21/07
to
You are welcome and thanks for posting back.

--

Mike - http://pages.prodigy.net/michael_santovec/techhelp.htm


"spoon2001" <inv...@invalid.invalid> wrote in message

news:1gfzbr9w42hno$.1excgmng8txij.dlg@40tude.net...

Solutions@discussions.microsoft.com TVAP Solutions

unread,
Mar 17, 2008, 3:47:02 PM3/17/08
to
I have a similar issue with a certificate that is mismatched. Unfortunately
there is no way for me to fix the issue on the server side. I was wondering
if there was any way to permanently accept the certificate in outlook. In
Thunderbird, there is an addon to "remember mismatched domains."

I have seen where some have suggested that the certificate be copied to
root, trusted, or local. All I have been able to do is make a copy from with
in the certificates snap-in. I also added the domain to the trusted sites in
the security tab, but this didn't help either.

Thanks in advance for any advice.

Michael Santovec

unread,
Mar 17, 2008, 6:21:16 PM3/17/08
to
There's no setting in OE for that. But there is a possible workaround.

The issue is that OE expects that the server name in Tools, Accounts,
Mail, Properties, Servers, Incoming Mail (POP3) to match what the
certificate says.

So for OE to avoid the pop-up, you need to use the domain name in the
certificate for POP3 server setting in OE. But presumably there is some
reason you can't do that. Do you not own the domain that the server
certificate says it belongs to?

As a workaround, you could use the HOSTS file on the OE PC.

In Windows XP this file is located at
C:\WINDOWS\system32\drivers\etc\HOSTS
Note that it has NO file extension. Use Notepad to edit. If you don't
see the HOSTS file there, you should see a hosts.sam file which is a
Sample one. It needs to be saved without the extension to be the active
one.

First you need to determine the IP address of the currently used by OE
POP3 server. You can at a command prompt use either PING server-name or
NSLOOKUP server-name. PING will return a single IP address (the PING
itself may file, but will still tell you the IP address). The NSLOOKUP
may return multiple IP addresses, but you can use only one in the next
step.

Then in the HOSTS file put an entry
ip-address CN-Server-name
where IP is the IP address returned above and CN-Server-name is the name
in the certificate.

Then in OE change the server name to the CN-Server-name.

The down side to this is that if ever the server IP address changes,
you'll need to edit the HOSTS file.

--

Mike - http://pages.prodigy.net/michael_santovec/techhelp.htm


"TVAP Solutions" <TVAP Solu...@discussions.microsoft.com> wrote in
message news:BC32366D-CBE0-4967...@microsoft.com...

kecskemet

unread,
Apr 4, 2008, 10:15:00 PM4/4/08
to

grzy...@hotmail.com

unread,
Apr 5, 2008, 1:59:33 PM4/5/08
to

Użytkownik "kecskemet" <kecs...@discussions.microsoft.com> napisał w
wiadomości news:7DAEDEB1-963D-4DA9...@microsoft.com...
0 new messages