
Internet Security for POP3, IMAP4, LDAP, SMTP, & NNTP



This article was previously published under Q198564



Symptoms

When you try to make a Secure Sockets Layer (SSL) connection to an Exchange Server 5.0 or 5.5 computer through POP3, IMAP4, LDAP, SMTP, or NNTP, the following pop-up error message may be displayed on the mail client:
The server you are connected to is using a security certificate that does not match its Internet address, do you want to continue using this server?
YES or NO



Cause

The client verifies that the server certificate is from a certifying authority and then uses the certificate to send a message to authenticate the server (to verify that it is who it claims to be). If the server does not pass the authentication process, the client will typically inform the user that the server is not who it claims to be.



Workaround

To work around this problem, perform the following steps:

  1. Check the Internet Mail Server name within the Internet Mail properties of the mail client.
  2. Check this name against the mail server's host name that is registered on the Internet.
  3. After these two names have been verified and are consistent, start the Key Manager applet on the Exchange server, and then select the certificate assigned to the protocol being used. Notice the Common Name that is shown in the right panel. This name MUST match the server's host name, which in turn must match its registered name on the Internet and the Internet Mail Server name defined within the mail client's profile.

If the two names do not match, then perform the following steps:

  1. Start the Key Manager applet.
  2. Select the appropriate protocol.
  3. Delete the previous certificate.
  4. Right-click the protocol, and then click Create New Key.
  5. Follow all the menus, making certain that the Common Name is consistent with the server's registered name, its host name, and the name referenced within the mail client (for example, mail.microsoft.com).
  6. After you complete the previous step, select Default as the Server Connection.
  7. Select Computers in the upper left-hand corner, and then click Commit Changes Now.



More information

When generating a certificate, the user must define a Common Name, which is the fully qualified domain name used for DNS lookups of the server (such as mail1.microsoft.com). This information is used by mail clients to identify an e-mail domain. If you change this name within a DNS server, then a new certificate must be created.
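
The name comparison behind this warning, as an added example (not part of the original Microsoft article): it checks the host name configured in the mail client against the names in a certificate dict in the format returned by Python's `ssl.SSLSocket.getpeercert()`. It goes beyond the article by also reading subjectAltName DNS entries, which current clients prefer over the Common Name, and by accepting a left-most wildcard label; the sample certificate, the example.com names and all function names are constructed for illustration.

```python
import socket
import ssl

def fetch_peercert(host, port=995, timeout=5.0):
    """Fetch the certificate over implicit TLS (995 = POP3S); chain checks stay on."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # name check is done below so a mismatch can be reported
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def cert_names(peercert):
    """Return (common_names, dns_sans) from a getpeercert()-style dict."""
    cns = [value for rdn in peercert.get("subject", ())
           for key, value in rdn if key == "commonName"]
    sans = [value for kind, value in peercert.get("subjectAltName", ())
            if kind == "DNS"]
    return cns, sans

def name_matches(configured, cert_name):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    want = configured.rstrip(".").lower().split(".")
    have = cert_name.rstrip(".").lower().split(".")
    if len(want) != len(have):
        return False
    if have[0] == "*" and len(have) > 2:
        return want[1:] == have[1:]
    return want == have

def check_client_setting(configured, peercert):
    """Return (ok, names_checked) for the host name set in the mail client."""
    cns, sans = cert_names(peercert)
    candidates = sans or cns  # SAN entries take precedence over the CN when present
    return any(name_matches(configured, n) for n in candidates), candidates

# Constructed sample certificate: the Common Name is the short machine name,
# while the mail client is configured with the registered FQDN.
SAMPLE_CERT = {"subject": ((("organizationName", "Example Org"),),
                           (("commonName", "MAIL1"),))}

if __name__ == "__main__":
    for host in ("mail1.example.com", "mail1"):
        print(host, check_client_setting(host, SAMPLE_CERT))
```

To check a live server, pass the result of `fetch_peercert("<server name from the client profile>")` to `check_client_setting` with the same name.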

For more information on protocol authentication, please see the following Microsoft Knowledge Base article:
175440 XFOR: Protocol Authentication on Exchange Server



Keywords: KB198564, kbprb


Article Info
Article ID : 198564
Revision : 6
Created on : 10/28/2006
Published on : 10/28/2006