How do you fix the server you are connected to is using a security certificate that cannot be verified the target principal name is incorrect?

I'm trying to get my mails using Outlook 2007 and POP3 using SSL but I get this security warning every time I try to receive mails:

The Server you are connected to is using a security certificate that cannot be verified. The Target principal name is incorrect.

When I open the certificate I see this message in the first tab (General):

All the intended purposes of this certificate could not be verified.

Issued by: GeoTrust SSL CA
Issued to: *.justhost.com

which is one of the trusted providers.

Do you think it's a man in the middle attack or a security risk? Or is it just a kind of a certificate error that I can ignore?

This hard to understand error means the security certificate your email server is using has expired or is invalid for other reasons.

I'm getting a security warning when I open Outlook. It says: 'The server you connected to is using a security certificate that cannot be verified. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the file'

That message is saying that the certificate the mail server uses has likely expired.

If you are the administrator, you need to install an updated certificate; if you are an end-user, you need to speak to your admin. You can't hide the warning or turn it off, but in all likelihood, it's safe to OK it and connect to your mail server.

The message made perfect sense to me but not to the people who asked about it, so I asked a couple of family members who aren't into technology what they thought the message was trying to tell them and what they would do if it came up while they were on the computer. Their answer: it "hurt" to read it and they'd ask me to look at it. I guess that proves it's a poorly written, overly technical error message.

I have a SSL IMAP email account that I just setup in Outlook. Every time I run the program I get a popup: "Internet Security Warning" The server you are connected to is using a security certificate that cannot be verified. The target principle name is incorrect. View Certificate. The certificate is self signed so I always just click Yes to continue using the server/email account, but how do I get Outlook to remember?

This warning indicates the server name does not match the name in your account settings, or in the case of Exchange server, that the address in the autodiscover file does not match the address the server is using. This is a common problem when the administrator uses self-published certificates.

The easiest fix is to change the server name, if your mail provider supports other server names.

For example, in the dialog in this screenshot, the server certificate was issued to pop.secureserver.net but I'm using mail.mydomain.com as the server name in my account settings. Since GoDaddy lets you use either server name, you can eliminate the error message if you use the secureserver.net server names.

1. Type cmd on the Start menu to open a Command Prompt.
2. Type ping mail.yourservername.com to find your IP address and the hosts server name.
   
   
3. If the server name in the ping results matches the name on the certificate, use it as the mail server name in Outlook.
4. If the name is different, ping the server name used in the certificate. If the IP address matches your mail server's IP address use it as the mail server name in Outlook.

If your host does not have a server name you can use to eliminate the error, John Roper-Lindsay uses these steps:
You can get around the "Target Principal Name is incorrect" by following the steps below:

1. If you didn't ping your server for the IP address (or didn't make note of it), open a cmd prompt and ping your incoming mail server - e.g. ping mail.fred.com returns IP address like 111.222.111.222.
2. View the certificate as above and note the server name under Issued To.
   e.g. elephant.giraffe.co.nz or *.giraffe.co.nz
3. Edit the hosts file and add a new line for IP address 111.222.111.222. The hosts file is in %windir%\system32\drivers\etc.
4. To open the hosts file, search for Notepad on the Start menu, right click on it and choose Run as Administrator. Paste the path to the hosts file in File, Open dialog. Select All Files as the file types on the right.
5. The entry you create in the hosts file should look something like this.
   111.222.111.222 elephant.giraffe.co.nz
6. Edit Outlook account settings and change the incoming and outgoing mail server to elephant.giraffe.co.nz

What does this do? Basically your mail server name needs to match the name on the certificate or Outlook will complain. The above process changes the mail server name to the name on the certificate and the hosts file will ensure that mail traffic to this server name will be correctly directed to your mail server.

NOTE:- If the certificate name is wildcarded, i.e. *.giraffe.co.nz, you could create a hosts file entry of anything.giraffe.co.nz, as the wildcard will cover anything.
NOTE:- you won't need to trust the certificate anywhere, as long as your mail provider is using a valid Certificate Authority to issue the certificate, which they certainly should be.

NOTE: This assumes the incoming and outgoing mail servers are the same. If they're not you may have to fiddle around with 2 server names.

I have managed to resolve the issue.

Step One:

When you first see the 'Internet Security Warning', select 'View Certificate'.

Step Two:

What you then need to do, is identify who the Certificate has been issued to. Refer to the below image, for where to find this information. Once you have identified the location, copy the entry exactly as is.

Step Three:

Head into your Outlook and then head into File > Account Settings > Account Settings. You should then be on a page, which looks something like:

Simply select one of your emails by double clicking on the relevant account.

Step Four:

Referring to Step Two, simply paste in the 'Issued to' information into the Incoming mail server and Outgoing mail server(SMTP) text boxes, as highlighted in the below image.

Step Five:

All that is left to do now, is to click 'Next' and continue as you would normally. Then repeat the process for the other emails.

Where I was going wrong, was that I had mail.domain.com entered into the Incoming and Outgoing server text boxes. This was ok for a while, since I hadn't installed an SSL Certificate onto my server but now that I have an SSL Certificate, I needed to change my entries, to reflect the name of my server, which the SSL Certificate was installed on.

Hi,

Please click the View Certificate button and look at the "Issued to" name, make sure the name is exactly what you used for your incoming and outgoing server in your account configuration. If not, change the setting to the same you see in "Issued to" name and test again.

Please let me know the result.

Regards,

Steve Fan
TechNet Community Support

It's recommended to download and install Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office programs.

One of my friends received the following error message when trying to send/receive e-mails in Microsoft Outlook.

The server you are connected to is using a security certificate that cannot be verified.
The target principal name is incorrect.

Once he clicked YES the warning message went away but as soon as Outlook is restarted he received the same warning message again.

The problem here lies in different mail server name being used from the name the certificate has been issued to.

To solve this click on the View Certificate and check the Issued to value.

Now go to Microsoft Outlook and navigate to:

File | Account Setting | Account Setting

Select your e-mail account and click on the Change button.

Change the values of the Incoming and Outgoing (SMTP) server address so it matches the name on the Certificate.

As you might have noticed you probably had a mail.domain.com specified for the Incoming and Outgoing (STMP) server addresses which were different from the name the certificate was issued to.

Once you click Next and Finish the warning message should be gone.