[Dovecot] SSL/TLS with Outlook client
Hugo Monteiro
hugo.monteiro at fct.unl.pt
Wed Nov 14 01:44:27 EET 2007
Eli Sand wrote:
> Nikolay Shopik wrote:
>
>> Usually it works like this. You are configure your mail client to
>> address like this mail.example.com, when mail client establish
>> connection to server and receive certificate it compare CN with current
>> configuration in it. So if you configure connect to mx.example.com but
>> server receive certificate with CN=mail.example.com it should warn you.
>> It doesn't do any PTR lookups.
>>
>
> I have experimented with Outlook 2k7 and valid certificates from CACert and
> I am unable to say that this is for sure how Outlook is behaving.
>
> I have tested with a wildcard cert, and names of both the MX record and the
> A record configured in the mail client. All three of which produced the
> same ultimate "The target principal name is incorrect." Error. The
> certificate is valid and I do have the root CA certs loaded in Windows
> correctly.
>
>
Ah ... wildcard certs .. from what i recall, certs issued like
*.example.com were not very well accepted by M$ clients. You should test
against non wildcard certs and see how it behaves.
Regards,
Hugo Monteiro.
--
ci.fct.unl.pt:~# cat .signature
Hugo Monteiro
Email : hugo.monteiro at fct.unl.pt
Telefone : +351 212948300 Ext.15307
Centro de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.ci.fct.unl.pt apoio at fct.unl.pt
ci.fct.unl.pt:~# _
More information about the dovecot
mailing list