Certificate error in Outlook IMAP Accounts


#1

Anyone else receiving the same certificate errors after configuring dreamhost hosted email accounts in Microsoft Outlook.

I have attempted to install the certificate, but this has made no difference.


#2

Jut click yes to the question, “do you want to continue using this server?” The reason you get the error is because the certificate is issued to dreamhost.com but you are accessing via mail.yourdomain.com.


#3

As a workaround I do click ‘yes’, but I have four accounts to do this for everytime I open MS Outlook. As you can imagine this can get quiet annoying over time.

Can dreamhost issue a certificate automatically for every domain utilizing mail services?


#4

I can think of two choices here (there may be more… and if someone supplies another I will be learning too):

Choice 1 - turn off encryption (edit the email account, click ‘more settings’ and on the advanced tab set the dropdown for secure connections to ‘none’

Using this choice your email in no longer encrypted between the server and outlook. (this is also the method that Outlook ‘discovers’ by default if you use the new account wizard to add the account.)

Choice 2 - if you need the encrypted connection, leave your setup as is and deal with the warning.


Dreamhost could, as you suggest, issue a certificate for each mail domain. However, if they issue a ‘self-signed’ certificate like the one currently in use for mail, it still would not solve the problem as windows would report “Windows does not have enough information to verify this certificate.” and the same error dialog would be presented.

If dreamhost issued a 3rd party (verisign, etc) certificate for each email domain they would have to charge us the 3rd party fee (+profit) for the certificate.


AFAIK, if you need encrypted email you have to deal with the warning, if non-encrypted email works for you then turn off encryption and the error goes away.

Perhaps a window’s registry edit exists to suppress the dialog as well, but I’ve never looked for it.[hr]
As an afterwards to this post, the 3rd option is to switch your email handling over to gmail…[hr]
I also just found this article over on micro$oft technet: http://blogs.technet.com/b/asiasupp/archive/2007/05/29/self-signed-certificate-issue-when-connecting-to-the-exchange-server.aspx

It’s old and it is written in “vista” speak, but you may be able to adapt the information to work with whatever your current win/outlook version are.


#5

[quote]Dreamhost could, as you suggest, issue a certificate for each mail domain. However, if they issue a ‘self-signed’ certificate like the one currently in use for mail, it still would not solve the problem as windows would report “Windows does not have enough information to verify this certificate.” and the same error dialog would be presented.

If dreamhost issued a 3rd party (verisign, etc) certificate for each email domain they would have to charge us the 3rd party fee (+profit) for the certificate.
[/quote]

Actually, even issuing a certificate for the domain wouldn’t be enough — just like for HTTPS hosting, a mail domain would have to have a unique IP of its own (separate from a unique IP for the web site) to use SSL. Depending on what parts of the mail system you wanted to protect, several different unique IPs might actually be necessary. This is enough of a pain (and would require so many unique IPs) that we don’t actually support it.


#6

I didn’t even think about the unique IP’s and possible need for more than one certificate per domain–but i see the point clearly.

A long long time ago in an internet galaxy that is far far away you could get rid of the warning in outlook…as I remember with a “Don’t show me this again” checkbox (circa… Outlook 2002)…but of course Microsoft and the CA’s (Certificate Authorities) have to help each other make money…


#7

May we could find any other solution for this services? Microsoft is really disgusting for me…


#8

Well, don’t use Microsoft’s email software for one. :slight_smile:


#9

you can get rid of the warning now. See: http://wiki.dreamhost.com/Secure_E-mail
You will need to follow a couple links to other wiki pages and follow some advanced instructions, but it can be done.


#10

I found this article today when searching for a solution: Certificate domain mismatch error when connecting to a DreamHost mail server - https://help.dreamhost.com/hc/en-us/articles/215306748-Certificate-domain-mismatch-error-when-connecting-to-a-DreamHost-mail-server

John


#11

Thanks for updating, the link you found is the correct updated location of the now deprecated page that I linked above 5 years ago.