Nikolay Shopik wrote:
> Usually it works like this. You configure your mail client with an
> address like mail.example.com; when the mail client establishes a
> connection to the server and receives the certificate, it compares the
> CN with the current configuration in it. So if you configure it to
> connect to mx.example.com but the server receives a certificate with
> CN=mail.example.com, it should warn you.
> It doesn't do any PTR lookups.

I have experimented with Outlook 2k7 and valid certificates from CACert and I am unable to say that this is for sure how Outlook is behaving. I have tested with a wildcard cert, and names of both the MX record and the A record configured in the mail client. All three produced the same ultimate "The target principal name is incorrect." error. The certificate is valid and I do have the root CA certs loaded in Windows correctly.

I'm pretty close to emailing Microsoft themselves to help solve the problem since I am unable to figure out why the error is happening (even debug logging from Outlook produces nothing).

Eli.
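
The name comparison discussed in this thread, as an added example that is not part of the original messages: it checks the host name configured in the client against the names in the presented certificate using general RFC 6125-style rules (dNSName SAN entries take precedence over the CN, a wildcard covers only the left-most label). The function names and sample certificates are constructed for illustration, and the code makes no claim about Outlook's own logic.

```python
# Added illustration: configured host name vs. certificate names (RFC 6125 style).
# All host names and certificate contents below are constructed samples.

def name_matches(pattern: str, host: str) -> bool:
    """Compare one name presented in the certificate against the configured host."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False          # "*" never spans more than one label
    if p_labels[0] == "*":
        # Wildcard accepted only as the whole left-most label; requiring two
        # further labels (no "*.com") is a conservative choice made here.
        return len(p_labels) >= 3 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def check_server_name(configured_host: str, cert: dict) -> tuple:
    """Return (ok, reason). cert = {"cn": str, "san_dns": [str, ...]}."""
    san = cert.get("san_dns") or []
    # If dNSName SAN entries exist, the CN is ignored entirely.
    candidates = san if san else [cert.get("cn", "")]
    source = "SAN" if san else "CN"
    for name in candidates:
        if name and name_matches(name, configured_host):
            return True, f"{source} {name} matches {configured_host}"
    return False, f"no {source} entry matches {configured_host}: {candidates}"


# Constructed sample certificates
CERT_MAIL = {"cn": "mail.example.com", "san_dns": []}
CERT_WILD = {"cn": "*.example.com", "san_dns": []}
CERT_SAN = {"cn": "mx.example.com", "san_dns": ["mail.example.com"]}

if __name__ == "__main__":
    for host, cert in [
        ("mail.example.com", CERT_MAIL),
        ("mx.example.com", CERT_MAIL),       # the mismatch from the quoted message
        ("mx.example.com", CERT_WILD),
        ("a.mx.example.com", CERT_WILD),     # wildcard covers one label only
        ("mx.example.com", CERT_SAN),        # CN would match, but SAN wins
    ]:
        print(host, "->", check_server_name(host, cert))
```

The last case shows why inspecting only the CN can mislead: once a certificate carries dNSName SAN entries, a matching CN no longer counts.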