Email outgoing server authentication

S

searchmasters

Verified User
Joined
Sep 7, 2009
Messages
12
Location
Auckland, New Zealand
I have directadmin on a dedicated server, and have outlook setup for the account as follows:

both incoming and outgoing: mail.mydomain.co.nz

my outgoing server smtp requires authentication
- same settings as incoming

advanced tab - outgoing port 587, and tls encryption

But outlook reports the following:

The server you are connected to is using a security certificate that cannot be verified. The target principal name is incorrect
view certificate

Do you want to continue using this server?


The certificate shows - THis CA Root certificate is not trusted. To enable trust, install this certificate in the trusted root certification authorities store
Issued to: localhost
issued by: localhost
valid from 3/9/2009 to 18/1/2037 - ie from when my dedicated server was installed.

While I can certainly continue to click "Yes" to trust the cert, I am not keen on this continuing for my clients.

How do I get a certificate that can be trusted in such a way that this error does not continue.

I would like it working not for just mydomain.co.nz, but for each of my clients domains.

I have seen comment that tls is the new ssl, and I have seen port 587 recommended. I can send emails fine, so its working. I just need to make whatever changes are required so this error message does not show.
 
@scsi: does the link have any information on using Certificates with email? No? I didn't think so. Please don't post incorrect information.
searchmasters said:
The server you are connected to is using a security certificate that cannot be verified. The target principal name is incorrect
view certificate

Do you want to continue using this server?
Click to expand...
The principal name is incorrect error means simply that your Certificate is set up for one fqdn, and the user is using another. For example, if the certificate is for mail.example.com, then all users must log into mail.example.com and not (for example) mail.theirdoman.example.com.
The certificate shows - THis CA Root certificate is not trusted. To enable trust, install this certificate in the trusted root certification authorities store
Issued to: localhost
issued by: localhost
valid from 3/9/2009 to 18/1/2037 - ie from when my dedicated server was installed.

While I can certainly continue to click "Yes" to trust the cert, I am not keen on this continuing for my clients.

How do I get a certificate that can be trusted in such a way that this error does not continue.
Click to expand...
Buy and install a commercial Secure Certificate.
I would like it working not for just mydomain.co.nz, but for each of my clients domains.
Click to expand...
Then buy a either a wildcard certificate for the . domain (I don't think any Certificate Authority would sell you one; if you had it you could use it to pretend to be every domain in the world, even for https).
I have seen comment that tls is the new ssl, and I have seen port 587 recommended. I can send emails fine, so its working. I just need to make whatever changes are required so this error message does not show.
Click to expand...
As I explained above.

Jeff
 
Thanks for your full reply Jeff.

I am keen for emails to work, and in its current state, I don't consider the email setup is acceptable. However, I am unwilling to get secure certs for each and every client just to get email working properly/errorless.

Is there a way that I can say get one securecert for my hosting domain smhost.co.nz, and have people use mail.smhost.co.nz as their pop/smtp servers.

If there is such a way, then there needs to be facility to have such a system added easily into directadmin. Should be an easily accessable feature.
 
searchmasters said:
Thanks for your full reply Jeff.
Click to expand...
It wasn't full enough; see below.
I am keen for emails to work, and in its current state, I don't consider the email setup is acceptable. However, I am unwilling to get secure certs for each and every client just to get email working properly/errorless.
Click to expand...
I'm sorry but I left out a part of my reply; you can't do that; you can only have one secure Certificate in email.
Is there a way that I can say get one securecert for my hosting domain smhost.co.nz, and have people use mail.smhost.co.nz as their pop/smtp servers.
Click to expand...
Exactly.
If there is such a way, then there needs to be facility to have such a system added easily into directadmin. Should be an easily accessable feature.
Click to expand...
That would be a feature request; you might want to write it up in the Feature Requests subforum.

Jeff
 
Or I could just not do encrypted smtp at all.

In outlook 2007, I have now used "... the following type of encrypted connection" "None", and it works fine with no error messages.

But of course, in internet cafe/airport/ etc style open environments, you don't have the protection of emails via ssl.
 
You must log in or register to reply here.
Back
Top