Solved Outlook issue (Mail subdomain doesn't serve wildcard SSL certificate)

JosKlever

Verified User
Joined
Jun 7, 2015
Messages
74
Location
Werkhoven, NL
I noticed some issues with setting up mailboxes in Outlook using IMAP. The domain is having a wildcard Let's Encrypt certificate, but the mail (and pop/ smtp) subdomain don't seem to use this wildcard certificate. What am I missing here?

Example domain: joskleverwebsupport.nl
Domain used for mailserver (same server): mail.joskleverwebsupport.nl

The mail subdomain seems to use the server certificate instead of the domain's wildcard certificate.

Thanks,
Jos Klever
 
seems ok to me, that is the power of SNI :)
000.661]‑‑>STARTTLS
[000.745]<‑‑220 TLS go ahead
[000.745]STARTTLS command works on this server
[000.859]Connection converted to SSL
SSLVersion in use: TLSv1_3
Cipher in use: TLS_AES_256_GCM_SHA384
Perfect Forward Secrecy: yes
Session Algorithm in use: Curve X25519 DHE(253 bits)
Certificate #1 of 3 (sent by MX):
Cert VALIDATED: ok
Cert Hostname VERIFIED (mail.joskleverwebsupport.nl = *.joskleverwebsupport.nl | DNS:*.joskleverwebsupport.nl | DNS:joskleverwebsupport.nl)
Not Valid Before: Mar 2 22:25:41 2023 GMT
Not Valid After: May 31 22:25:40 2023 GMT
subject: /CN=*.joskleverwebsupport.nl
issuer: /C=US/O=Let's Encrypt/CN=R3
Certificate #2 of 3 (sent by MX):
Cert VALIDATED: ok
Not Valid Before: Sep 4 00:00:00 2020 GMT
Not Valid After: Sep 15 16:00:00 2025 GMT
subject: /C=US/O=Let's Encrypt/CN=R3
issuer: /C=US/O=Internet Security Research Group/CN=ISRG Root X1
Certificate #3 of 3 (added from CA Root Store):
Cert VALIDATED: ok
Not Valid Before: Jun 4 11:04:38 2015 GMT
Not Valid After: Jun 4 11:04:38 2035 GMT
subject: /C=US/O=Internet Security Research Group/CN=ISRG Root X1
issuer: /C=US/O=Internet Security Research Group/CN=ISRG Root X1
 
In the end it appeared to be a configuration bug in Outlook365, so I had to connect the mailbox via Control Panel - Mail.
 
It seems to be related to
That is weird because that link is about Exchange Online and not particular about general IMAP use.
When MS is not going to support IMAP they will surely miss big market share
 
I know, but the measure has impact on general IMAP as well. Or it is a bug in a recent version of Outlook, but every article I've read suggests that this is intended. So we'll have to see how that goes.
 
Back
Top