Loading ...
Sorry, an error occurred while loading the content.

cert error on outlook when send email using ssl

Expand Messages
  • kazabe
    Hi. Im trying to use postfix with ssl. Now is working, but i have a little situation with the outloook clients. always to send a email, see a message The
    Message 1 of 6 , Jun 29, 2013
    • 0 Attachment
      Hi.

      Im trying to use postfix with ssl.  Now is working, but i have a little situation with the outloook clients.

      always to send a email, see a message

      "The name of the security certificate is invalid or does not match the name of the site"

      The message is sended after accept the message, but the end users are affraid with this message.

      Im looking o google about to how to solve, but all the info are related with ms exchange and i use postfix.
      Can you share me some clues to solve it?

      thanks in advance

    • Jerry
      On Sat, 29 Jun 2013 13:25:50 -0500 ... Why not just get a valid certificate? -- Jerry ✌ postfix-user@seibercom.net
      Message 2 of 6 , Jun 29, 2013
      • 0 Attachment
        On Sat, 29 Jun 2013 13:25:50 -0500
        kazabe articulated:

        > Hi.
        >
        > Im trying to use postfix with ssl. Now is working, but i have a
        > little situation with the outloook clients.
        >
        > always to send a email, see a message
        >
        > "The name of the security certificate is invalid or does not match the
        > name of the site"
        >
        > The message is sended after accept the message, but the end users are
        > affraid with this message.
        >
        > Im looking o google about to how to solve, but all the info are
        > related with ms exchange and i use postfix.
        >
        > Can you share me some clues to solve it?

        Why not just get a valid certificate?

        --
        Jerry ✌
        postfix-user@...
        _____________________________________________________________________
        TO REPORT A PROBLEM see http://www.postfix.org/DEBUG_README.html#mail
        TO (UN)SUBSCRIBE see http://www.postfix.org/lists.html
      • Jeroen Geilman
        ... Well, is it invalid ? Does it match the name of the site ? These things matter, for TLS. (You should not be using SMTPS) ... So tell them not to be afraid!
        Message 3 of 6 , Jun 29, 2013
        • 0 Attachment
          On 06/29/2013 08:25 PM, kazabe wrote:
          > Hi.
          >
          > Im trying to use postfix with ssl. Now is working, but i have a
          > little situation with the outloook clients.
          >
          > always to send a email, see a message
          >
          > "The name of the security certificate is invalid or does not match the name of the site"

          Well, is it invalid ? Does it match the name of the site ?
          These things matter, for TLS.
          (You should not be using SMTPS)

          > The message is sended after accept the message, but the end users are affraid with this message.

          So tell them not to be afraid!

          There are only a few things you can do to "fix" this situation:
          1. provide a valid and trusted certificate (this will cost either effort
          or money), or
          2. accept the way things are.

          > Im looking o google about to how to solve, but all the info are related with ms exchange and i use postfix.
          > Can you share me some clues to solve it?

          X.509 certficates are normally checked for 3 properties:

          1. is it valid (i.e. does the current date lie between the valid-from
          and valid-to attributes of the certificate)?
          2. does the CN (common name) attribute of the certificate correspond to
          the name of the server you're connecting to ?
          3. is the issuer of this certificate trusted by the client ?

          The first two are trivially corrected by you.
          The last one requires either that you get clients to trust your CA, or
          that you buy a certificate from a CA who is already trusted.

          --
          J.
        • Bart J. Smit
          From: owner-postfix-users@postfix.org [mailto:owner-postfix-users@postfix.org] On Behalf Of Jeroen Geilman Sent: 29 June 2013 22:42 To:
          Message 4 of 6 , Jun 30, 2013
          • 0 Attachment
            From: owner-postfix-users@... [mailto:owner-postfix-users@...] On Behalf Of Jeroen Geilman
            Sent: 29 June 2013 22:42
            To: postfix-users@...
            Subject: Re: cert error on outlook when send email using ssl

            On 06/29/2013 08:25 PM, kazabe wrote:
            > Hi.
            >
            > Im trying to use postfix with ssl. Now is working, but i have a
            > little situation with the outloook clients.
            >
            > always to send a email, see a message
            >
            > "The name of the security certificate is invalid or does not match the name of the site"

            Well, is it invalid ? Does it match the name of the site ?
            These things matter, for TLS.
            (You should not be using SMTPS)

            > The message is sended after accept the message, but the end users are affraid with this message.

            So tell them not to be afraid!

            There are only a few things you can do to "fix" this situation:
            1. provide a valid and trusted certificate (this will cost either effort or money), or 2. accept the way things are.

            > Im looking o google about to how to solve, but all the info are related with ms exchange and i use postfix.
            > Can you share me some clues to solve it?

            X.509 certficates are normally checked for 3 properties:

            1. is it valid (i.e. does the current date lie between the valid-from and valid-to attributes of the certificate)?
            2. does the CN (common name) attribute of the certificate correspond to the name of the server you're connecting to ?
            3. is the issuer of this certificate trusted by the client ?

            The first two are trivially corrected by you.
            The last one requires either that you get clients to trust your CA, or that you buy a certificate from a CA who is already trusted.

            --
            J.

            -------------------------------------------
            StartSSL will do you a free certificate. https://www.startssl.com/

            Bart...
          • Steve Jenkins
            ... +1 to Bart s comment. Just get a free cert from StartCom. I have no affiliation, and YMMV, but back in 2011 I wrote a howto for genning a free cert there
            Message 5 of 6 , Jun 30, 2013
            • 0 Attachment
              On Sun, Jun 30, 2013 at 5:33 AM, Bart J. Smit <bart@...> wrote:
              -------------------------------------------
              StartSSL will do you a free certificate. https://www.startssl.com/

              +1 to Bart's comment. Just get a free cert from StartCom. I have no affiliation, and YMMV, but back in 2011 I wrote a howto for genning a free cert there and plugging it in to Postfix:


              SteveJ
            • Hans Spaans
              ... Some valid certificates require an intermediate certificate to be installed and presented together with signed certificate, but many forget to install it
              Message 6 of 6 , Jun 30, 2013
              • 0 Attachment
                Jerry schreef op 2013-06-29 22:05:
                > On Sat, 29 Jun 2013 13:25:50 -0500
                > kazabe articulated:
                >
                >> Hi.
                >>
                >> Im trying to use postfix with ssl. Now is working, but i have a
                >> little situation with the outloook clients.
                >>
                >> always to send a email, see a message
                >>
                >> "The name of the security certificate is invalid or does not match the
                >> name of the site"
                >>
                >> The message is sended after accept the message, but the end users are
                >> affraid with this message.
                >>
                >> Im looking o google about to how to solve, but all the info are
                >> related with ms exchange and i use postfix.
                >>
                >> Can you share me some clues to solve it?
                >
                > Why not just get a valid certificate?

                Some valid certificates require an intermediate certificate to be
                installed and presented together with signed certificate, but many
                forget to install it or do it incorrectly.

                Hans
              Your message has been successfully submitted and would be delivered to recipients shortly.