Nikolay Shopik wrote:
Usually it works like this. You configure your mail client with an address like mail.example.com; when the mail client establishes a connection to the server and receives the certificate, it compares the CN with the current configuration in it. So if you configure it to connect to mx.example.com but the server receives a certificate with CN=mail.example.com, it should warn you. It doesn't do any PTR lookups.
I have experimented with Outlook 2k7 and valid certificates from CACert and I am unable to say that this is for sure how Outlook is behaving.
I have tested with a wildcard cert, and with the names of both the MX record and the A record configured in the mail client. All three produced the same ultimate "The target principal name is incorrect." error. The certificate is valid and I do have the root CA certs loaded in Windows correctly.
I'm pretty close to emailing Microsoft themselves to help solve the problem since I am unable to figure out why the error is happening (even debug logging from Outlook produces nothing).
Eli.
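
The comparison described in the quoted reply (the server name configured in the client against the name in the certificate, with no DNS lookups), as an added Python example that is not part of the original thread and is not Outlook's own logic. It follows generic RFC 6125-style matching rules; the certificate dict layout and the sample certificates are constructed assumptions.

```python
# Added example: RFC 6125-style name matching on constructed certificate data.
# Not Outlook's or Schannel's code; the dict layout below is an assumption.

def _name_match(pattern: str, host: str) -> bool:
    """Compare one name presented in the certificate with the configured host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # "*" stands for exactly one label, never several or none
    if p_labels[0] == "*":
        # Wildcard only as the whole leftmost label, and never directly
        # under a top-level domain ("*.com" is rejected).
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def verify_name(configured_host: str, cert: dict) -> bool:
    """True if the certificate is valid for the name typed into the client.

    Only the configured name is checked: no MX, A or PTR lookup is made.
    dNSName SAN entries take precedence; the CN is used only when none exist.
    """
    names = cert.get("san_dns") or [cert["subject_cn"]]
    return any(_name_match(n, configured_host) for n in names)


# Constructed sample certificates (not taken from the thread).
CERT_CN_ONLY = {"subject_cn": "mail.example.com", "san_dns": []}
CERT_WILDCARD = {"subject_cn": "*.example.com", "san_dns": []}
CERT_SAN = {"subject_cn": "mail.example.com", "san_dns": ["mx.example.com"]}

if __name__ == "__main__":
    hosts = ("mail.example.com", "mx.example.com",
             "example.com", "a.mail.example.com")
    certs = (("CN only", CERT_CN_ONLY), ("wildcard", CERT_WILDCARD),
             ("SAN", CERT_SAN))
    for label, cert in certs:
        for host in hosts:
            verdict = "ok" if verify_name(host, cert) else "MISMATCH"
            print(f"{label:9} {host:20} -> {verdict}")
```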