Marcuse7 0 Posted July 29, 2019 Share Posted July 29, 2019 I use ESET Internet Security 12.2.23.0 on Windows 10 build 18362.239. When I try to sync my IMAP folder in Outlook 2019 MSO 16.0.11727.2022 32-Bit with its server at mail.jpberlin.de I receive the warning "The target principal name is incorrect". Seems that the self-signed certificate for *.jpberlin.de issued by "ESET SSL Filter CA" could be the issue. What could I do in this case? Link to comment Share on other sites More sharing options...
itman 1,741 Posted July 30, 2019 Share Posted July 30, 2019 (edited) Whereas there is a way to export the self-signed cert. from their webmail site here: https://webmail.jpberlin.de/roundcube/ and import it into Eset's list of SSL/TLS known certificates, I don't know if it would work in regards to Eset's client e-mail scanning. Someone from Eset will to comment on this. I am assuming the webmail certificate is the same one their client e-mail servers are using. Edited July 30, 2019 by itman Link to comment Share on other sites More sharing options...
ESET Staff Posolsvetla 15 Posted July 31, 2019 ESET Staff Share Posted July 31, 2019 At the first sight this does not seem to be the issue on our side. Could you please check if the steps described at these links helps?https://webmasters.stackexchange.com/questions/112046/outlook-2016-says-the-target-principal-name-is-incorrect-on-my-sites-securityhttps://www.msoutlook.info/question/613 On 7/29/2019 at 4:51 PM, Marcuse7 said: Seems that the self-signed certificate for *.jpberlin.de issued by "ESET SSL Filter CA" could be the issue. This statement is misleading, as a self-signed certificate would not be issued by "ESET SSL Filter CA". Link to comment Share on other sites More sharing options...
Marcuse7 0 Posted August 12, 2019 Author Share Posted August 12, 2019 At least on my machine, it looks as if the certificate is indeed issued by "ESET SSL Filter CA". The underlying "ESET SSL Filter CA" certificate is issued by the same entity it is issued to. It might be that Outlook 2019 has issues with the wildcard certificate. The links address SAN certificates but this is not the case here. Link to comment Share on other sites More sharing options...
Marcuse7 0 Posted August 12, 2019 Author Share Posted August 12, 2019 (edited) On 7/31/2019 at 1:11 AM, itman said: Whereas there is a way to export the self-signed cert. from their webmail site here: https://webmail.jpberlin.de/roundcube/ and import it into Eset's list of SSL/TLS known certificates, I don't know if it would work in regards to Eset's client e-mail scanning. Someone from Eset will to comment on this. I am assuming the webmail certificate is the same one their client e-mail servers are using. Thank you! The jpberlin.de SSL wildcard certificate is issued by Thawte/digicert. I have imported it into eset's known certificate list. The issue persists. For the www.jpberlin.de Web page, Firefox 68.0.1 also warns that "connection verified by a certificate issuer that is not recognized by Mozilla". The ESET certicate was imported into the Firefox certificate list, though. For now, it's just a warning... Edited August 12, 2019 by Marcuse7 Issue not solved Link to comment Share on other sites More sharing options...
itman 1,741 Posted August 12, 2019 Share Posted August 12, 2019 (edited) 6 hours ago, Marcuse7 said: For the www.jpberlin.de Web page, Firefox 68.0.1 also warns that "connection verified by a certificate issuer that is not recognized by Mozilla". The ESET certicate was imported into the Firefox certificate list, though. For now, it's just a warning... Not exactly. You will only see this wording, "connection verified by a certificate issuer that is not recognized by Mozilla," if you click on the lock symbol in Firefox. This same wording will appear for every HTTPS web site you connect to unless it is internal excluded from Eset's SSL/TLS protocol scanning or has been manually excluded. Again refer to this previously posted link: https://www.msoutlook.info/question/613 Specifically this: Quote When I start Outlook, I get an “Internet Security Warning” dialog box with the message; The server you are connected to is using a security certificate that cannot be verified. The target principal name is incorrect. Usually you get this error when you are using a shared hosting account with your own domain and connect via SSL. Another common cause is that your ISP has changed the name of their mail server and is redirecting you from the old server name to the new one and the name of the old server isn’t on their new SSL certificate. Also this: Quote The solution is quite simple; click on the “View Certificate…” button and look at the “Issued to” name. This is usually the name that you’ll need to specify for your incoming and/or outgoing server in your account configuration. In some cases, this still won’t work when the certificate holds multiple names. You can then select the “Details” tab and see if the certificate holds a field called “Subject Alternative Name”. If so, then you’ll find other names that you could try behind the “DNS Name=” value. If none of those names work either, contact your ISP and ask for the correct name of the mail server that you should use. Another (less secure) alternative would be to disable the use of SSL for your mail account. The problem here has nothing to do with Eset's certificate or the use of it. There appears to be an issue with the certificate the e-mail provider server is using. You need to contact your e-mail provider about this issue. Specifically, you need to find the name of the new URL for the e-mail server they are using and enter that into Outlook. Everything on their web site is in German which I don't understand. It appears you are using a client e-mail URL that references a prior used server and are being redirected to the current server/s the e-mail provider is using. Edited August 12, 2019 by itman Link to comment Share on other sites More sharing options...
Marcuse7 0 Posted August 12, 2019 Author Share Posted August 12, 2019 Thank you for looking into this. I have contacted the e-mail provider. Link to comment Share on other sites More sharing options...
Recommended Posts