Ssl – Can Outlook certificate errors be surpressed

exchangeoutlookSecuritysslssl-certificate

We host a multi-tenant shared exchange environment and some customers are seeing a certificate warning when they open outlook as their domain name is not included in our SSL certificate as a subject alternative name.
We have a wildcard certificate for this mail server.

Is it possible to surpress this error or to to basically just say 'yes' permanently?

All of the users affected access outlook on a terminal server, so I'm hoping I can throw something in the registry or whatever to get rid of this or just surpress it.

Failing that, If there is a way to make outlook stop looking for autodiscover.companyname.co.uk and instead look for anything.serverdomain.com, that would also work.

Any help appriciated.

Best Answer

This worked for me.

Certificate Error Handling

Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover
Value: ShowCertErrors
Default: 0
Data: 1 = Show certificate warnings/errors; 0 = Don't show certificate warnings

Related Solutions

Ssl – how to download the ssl certificate from a website

In order to download the certificate, you need to use the client built into openssl like so:

echo -n | openssl s_client -connect $HOST:$PORTNUMBER -servername $SERVERNAME \
    | openssl x509 > /tmp/$SERVERNAME.cert

That will save the certificate to /tmp/$SERVERNAME.cert.

The -servername is used to select the correct certificate when multiple are presented, in the case of SNI.

You can use -showcerts if you want to download all the certificates in the chain. But if you just want to download the server certificate, there is no need to specify -showcerts. The x509 at the end will strip out the intermediate certs, you will need to use sed -n '/-----BEGIN/,/-----END/p' instead of the x509 at the end.

echo -n gives a response to the server, so that the connection is released

openssl x509 removes information about the certificate chain and connection details. This is the preferred format to import the certificate into other keystores.

Ssl – Displaying a remote SSL certificate details using CLI tools

You should be able to use OpenSSL for your purpose:

echo | openssl s_client -showcerts -servername gnupg.org -connect gnupg.org:443 2>/dev/null | openssl x509 -inform pem -noout -text

That command connects to the desired website and pipes the certificate in PEM format on to another openssl command that reads and parses the details.

(Note that "redundant" -servername parameter is necessary to make openssl do a request with SNI support.)

Best Answer

Related Solutions

Ssl – how to download the ssl certificate from a website

Ssl – Displaying a remote SSL certificate details using CLI tools

Related Topic