Eli Sand wrote:
Nikolay Shopik wrote:
Usually it works like this. You are configure your mail client to
address like this mail.example.com, when mail client establish
connection to server and receive certificate it compare CN with current
configuration in it. So if you configure connect to mx.example.com but
server receive certificate with CN=mail.example.com it should warn you.
It doesn't do any PTR lookups.
I have experimented with Outlook 2k7 and valid certificates from CACert and
I am unable to say that this is for sure how Outlook is behaving.
I have tested with a wildcard cert, and names of both the MX record and the
A record configured in the mail client. All three of which produced the
same ultimate "The target principal name is incorrect." Error. The
certificate is valid and I do have the root CA certs loaded in Windows
correctly.
Ah ... wildcard certs .. from what i recall, certs issued like
*.example.com were not very well accepted by M$ clients. You should test
against non wildcard certs and see how it behaves.
Regards,
Hugo Monteiro.
--
ci.fct.unl.pt:~# cat .signature
Hugo Monteiro
Email : [EMAIL PROTECTED]
Telefone : +351 212948300 Ext.15307
Centro de Informática
Faculdade de Ciências e Tecnologia da
Universidade Nova de Lisboa
Quinta da Torre 2829-516 Caparica Portugal
Telefone: +351 212948596 Fax: +351 212948548
www.ci.fct.unl.pt [EMAIL PROTECTED]
ci.fct.unl.pt:~# _
