[Dovecot] SSL/TLS with Outlook client

Eli Sand dovecot-list at elisand.com
Wed Nov 14 01:23:52 EET 2007


Nikolay Shopik wrote:
> Usually it works like this. You are configure your mail client to
> address like this mail.example.com, when mail client establish
> connection to server and receive certificate it compare CN with current
> configuration in it. So if you configure connect to mx.example.com but
> server receive certificate with CN=mail.example.com it should warn you.
> It doesn't do any PTR lookups.

I have experimented with Outlook 2k7 and valid certificates from CACert and
I am unable to say that this is for sure how Outlook is behaving.

I have tested with a wildcard cert, and names of both the MX record and the
A record configured in the mail client.  All three of which produced the
same ultimate "The target principal name is incorrect." Error.  The
certificate is valid and I do have the root CA certs loaded in Windows
correctly.

I'm pretty close to emailing Microsoft themselves to help solve the problem
since I am unable to figure out why the error is happening (even debug
logging from Outlook produces nothing).

Eli.



More information about the dovecot mailing list