[Dovecot] SSL/TLS with Outlook client

Hugo Monteiro hugo.monteiro at fct.unl.pt
Wed Nov 14 01:44:27 EET 2007


Eli Sand wrote:
> Nikolay Shopik wrote:
>   
>> Usually it works like this. You are configure your mail client to
>> address like this mail.example.com, when mail client establish
>> connection to server and receive certificate it compare CN with current
>> configuration in it. So if you configure connect to mx.example.com but
>> server receive certificate with CN=mail.example.com it should warn you.
>> It doesn't do any PTR lookups.
>>     
>
> I have experimented with Outlook 2k7 and valid certificates from CACert and
> I am unable to say that this is for sure how Outlook is behaving.
>
> I have tested with a wildcard cert, and names of both the MX record and the
> A record configured in the mail client.  All three of which produced the
> same ultimate "The target principal name is incorrect." Error.  The
> certificate is valid and I do have the root CA certs loaded in Windows
> correctly.
>
>   


Ah ... wildcard certs .. from what i recall, certs issued like 
*.example.com were not very well accepted by M$ clients. You should test 
against non wildcard certs and see how it behaves.

Regards,

Hugo Monteiro.

-- 
ci.fct.unl.pt:~# cat .signature

Hugo Monteiro
Email	 : hugo.monteiro at fct.unl.pt
Telefone : +351 212948300 Ext.15307

Centro de Informática
Faculdade de Ciências e Tecnologia da
		   Universidade Nova de Lisboa
Quinta da Torre   2829-516 Caparica   Portugal
Telefone: +351 212948596   Fax: +351 212948548
www.ci.fct.unl.pt	      apoio at fct.unl.pt

ci.fct.unl.pt:~# _



More information about the dovecot mailing list