Menu
Reply
dazlicous
  • 112
  • 0
  • 12
Dialled in
221 Views
Message 1 of 7
Flag for a moderator

Outlook - internet Security Warning

Got my NTL email account set up using outlook but when I open outlook I get a security warning 

Internet Security Warning 

The server you are connected to is using a security certificate that cannot be verified 

The target principal name is incorrect 

0 Kudos
Reply
Corey_C
  • 3.94K
  • 214
  • 328
Forum Team
Forum Team
151 Views
Message 2 of 7
Flag for a moderator

Re: Outlook - internet Security Warning

Thanks for your post and for reaching out to the Community Forums, dazlicous,

 

Did you configure this manually or automatically? Do your email server names match the email domain @ntlworld?

 

Cheers,

Corey C

0 Kudos
Reply
ravenstar68
  • 19.39K
  • 1.14K
  • 8.45K
Very Insightful Person
Very Insightful Person
125 Views
Message 3 of 7
Flag for a moderator

Re: Outlook - internet Security Warning

@Corey_C 

Welcome to the wonderful world of SSL/TLS certificates.

From past experience with other users the error itself is a red herring.

The Target principle name refers to Server Name Authentication (SNI)

SSL certificates carry a CN value and an SAN field.

The CN value used to have to match the server hostname as specified in the email settings.  Indeed one fix suggested for this error (which wouldn't work here) was to change the server hostname to match that in the CN field.

Nowadays certificates also carry an SAN field - here's the field in the certificate recovered from imap.virginmedia.com

  Subject Alternative Name
        DNS Name=email.virginmedia.com
        DNS Name=webmail.virginmedia.com
        DNS Name=mail.virginmedia.com
        DNS Name=mail2.virginmedia.com
        DNS Name=mail3.virginmedia.com
        DNS Name=pop.virginmedia.com
        DNS Name=pop3.virginmedia.com
        DNS Name=imap.virginmedia.com
        DNS Name=imap4.virginmedia.com
        DNS Name=smtp.virginmedia.com
        DNS Name=autoconfig.virginmedia.com
        DNS Name=autodiscover.virginmedia.com

Now provided the Hostname matches one of these values, then the certificate is valid for that host.

There have been suggestions in some answers that this is down to Outlook not liking SAN certificates - BUT this is unlikely, certainly up until my blueyonder emails finally closed I was using the above server quite happily.

Note that the email address itself has NOTHING to do with the server name.  In fact many companies use a number of professional hosts, including Microsoft and Google to host their emails.  I myself host 3 separate domains on one email server.

VM only have one recommended set of email servers which end in virginmedia.com 

https://community.virginmedia.com/t5/Email/Email-settings-change/td-p/3369438

@dazlicous 

Are you able to select view certificate on the error message and post what you are seeing on here, in particular the Certification Path tab.

Tim

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

dazlicous
  • 112
  • 0
  • 12
Dialled in
118 Views
Message 4 of 7
Flag for a moderator

Re: Outlook - internet Security Warning


@ravenstar68 wrote:

@Corey_C 

Welcome to the wonderful world of SSL/TLS certificates.

From past experience with other users the error itself is a red herring.

The Target principle name refers to Server Name Authentication (SNI)

SSL certificates carry a CN value and an SAN field.

The CN value used to have to match the server hostname as specified in the email settings.  Indeed one fix suggested for this error (which wouldn't work here) was to change the server hostname to match that in the CN field.

Nowadays certificates also carry an SAN field - here's the field in the certificate recovered from imap.virginmedia.com

 

 

  Subject Alternative Name
        DNS Name=email.virginmedia.com
        DNS Name=webmail.virginmedia.com
        DNS Name=mail.virginmedia.com
        DNS Name=mail2.virginmedia.com
        DNS Name=mail3.virginmedia.com
        DNS Name=pop.virginmedia.com
        DNS Name=pop3.virginmedia.com
        DNS Name=imap.virginmedia.com
        DNS Name=imap4.virginmedia.com
        DNS Name=smtp.virginmedia.com
        DNS Name=autoconfig.virginmedia.com
        DNS Name=autodiscover.virginmedia.com

 

 

Now provided the Hostname matches one of these values, then the certificate is valid for that host.

There have been suggestions in some answers that this is down to Outlook not liking SAN certificates - BUT this is unlikely, certainly up until my blueyonder emails finally closed I was using the above server quite happily.

Note that the email address itself has NOTHING to do with the server name.  In fact many companies use a number of professional hosts, including Microsoft and Google to host their emails.  I myself host 3 separate domains on one email server.

VM only have one recommended set of email servers which end in virginmedia.com 

https://community.virginmedia.com/t5/Email/Email-settings-change/td-p/3369438

@dazlicous 

Are you able to select view certificate on the error message and post what you are seeing on here, in particular the Certification Path tab.

Tim


Thx for your reply

After getting the error and searching the VM forum here. It seem a very popular issue if still running Microsoft Office 2007. 

Bit of a strange one because on my desktop I am running Win 10 and Office 2007 without any issues in outlook and VM emails.

I was setting up a new laptop that thrown the issue up. After reading the Forum and this issue, I have upgraded to Office 2019 which has totally resolved the problem. 

ravenstar68
  • 19.39K
  • 1.14K
  • 8.45K
Very Insightful Person
Very Insightful Person
99 Views
Message 5 of 7
Flag for a moderator

Re: Outlook - internet Security Warning

@dazlicous 

It is a strange one.  All I know is that when one user looked at the certificate she was presented with, she got an invalid certificate error.  Looking at the certificate path at the time, as far as her system was concerned the certificate chain didn't go back to a trusted root certificate.  But when I got her to export the certificate and send it to me, my machine was quite happy with it.

It would have certainly been interesting to take this further, but to be honest Office 2007 reached end of life some time ago and no longer receives any updates from Microsoft.  Switching to Office 2019 is certainly the best option.  Unless you want to consider free alternatives instead..

Glad it's working for you now.

Tim

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

ravenstar68
  • 19.39K
  • 1.14K
  • 8.45K
Very Insightful Person
Very Insightful Person
75 Views
Message 6 of 7
Flag for a moderator

Re: Outlook - internet Security Warning

For the benefit of everyone involved in this thread I wanted to demonstrate SNI in action.

In this case I've used a non existent domain raventim.co.uk and used my hosts file to direct it to my mail server IP.  I've then tried changing my IMAP server setting to raventim.co.uk - Here's the result - The error looks familiar.

ravenstar68_0-1626959947525.png

If we view the certificate we see this:

ravenstar68_1-1626960043731.png

We see above that the CN for the certificate is box.timothydutton.co.uk - which doesn't match the hostname in the settinggs.

ravenstar68_2-1626960312273.png

More importantly the name raventim.co.uk is not found in the SAN field either.

This is how certificates normally try to protect against DNS redirection attacks.

Note that the certificate is downloaded from the server as part of SSL/TLS negotiation.  What we've found in cases similar to @dazlicous 's is that when we check the certificate - the certificate is all correct, but for some reason when we check the certificate path

ravenstar68_3-1626960712441.png

The root certificate (highlighted above), does not show as being trusted on their systems.

Tim

 

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
dazlicous
  • 112
  • 0
  • 12
Dialled in
70 Views
Message 7 of 7
Flag for a moderator

Re: Outlook - internet Security Warning

From I can gather is obviously it’s outdated and unsupported software so best better is upgrade to a newer version