Entourage Error

Posted on 2010-08-22
Last Modified: 2013-11-12
Everytime I open my entourage 2008 i get the error

“Unable to establish a secure connection to servername because the server name or IP address does not match the name or IP address on the server’s certificate. If you continue, the information you view and send will be encrypted, but will not be secure.”

If i click "OK" everything works 100% how can i get rid of this error?

 - I have tried importing the certificate into Keychain access manager
 - I have also tried turning off SSL in Account settings that takes the error away but then my mail does
    not work

Any Suggestions???
Question by:oasistechnical
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 53

Accepted Solution

strung earned 500 total points
ID: 33495410
Is sounds like the name of the certificate is not identical to the server name. Have you checked?

Expert Comment

ID: 33495453
Judging from your description, I had the same problem.

The problem is that Entourage tries to establish a secure connection to whatever IP address it finds in DNS for "".  In many organizations, goes to a hosting company where the public web site is located and which is not configured for security, so Entourage gets some other SSL certificate from the web host and that certificate does not match the domain name you have configured for your email account.  This causes the error.

Microsoft expects that will have a correct and valid SSL cert and will also have Exchange autoconfiguration information available.  There is no way to turn this off, but there is a work around.

I had a discussion a while back on Mactopia which you can read here:

I think this is one of the stupider "security features" I have seen in a while.

The work around is to edit /etc/hosts on your Mac.  You want to make your domain point to the IP address of your Exchange server.  The hosts file entry will take precedence over a DNS lookup, and so when Entourage tries to connect to the address of the domain, it instead goes to your Exchange server and gets the correct certificate.  This does presuppose that your Exchange server has a UCC SSL certificate that includes as a subject alternate name (which it should have).

So in hosts add a line like:

if you do not know the address to use, ping the full fully qualified domain name of your Exchange server and use that address  (e.g.  ping and add this address to hosts).


Expert Comment

ID: 33495471
The problem is that your email server is presenting you with a certificate that has one name, like "", but the address you are using to access the  server is different, e.g. "".  You can try changing the configuration of your mail account, so that the mail account uses the name that is in the certificate.  

However, it is likely that your service provider will need to install a new certificate in their server.  All you can do is complain to them.
Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.


Expert Comment

ID: 33495511
To clarify using the previous example, Entourage will be actually give this error when it looks for a certificate at "".  It will do this regardless of the hostname of the server, and regardless of the mail server itself having the correct certificate.  Whatever host resides at (with no hostname) must have the correct certificate.  If that is not possible (because it is a different server outside your control), then you need to make the entry in /etc/hosts  

Author Comment

ID: 33496130
Thanks for the reply evanmcnally

Im new to Mac could you tell me step by step how i would go about to "edit /etc/hosts on your Mac."


Expert Comment

ID: 33496177
1. Go to Applications > Utilities > Terminal
2.  Type "sudo -s" and enter the password for your account.  This will give you root permission so you can edit the hosts file.
3.  type "cd /etc"
4.  type "nano hosts" to start editing the hosts file with nano.  You could use some other editor also.
5.  You'll see a column of IP addresses and next to them some host names.  Just insert a new line under the one that says "     localhost"
6.  Put in the IP address of your Exchange server, then hit tab or put in a few spaces and put your email domain name with no hostname portion (e.g. NOT
7.  Hit ctrl-x to exit and it will ask you to save, hit "y" for yes, then it will confirm the file name of "hosts" and you can just hit enter to confirm.
8.  You can confirm the change by typing "ping" and you should get a reply from the IP address of the Exchange server.


Author Comment

ID: 33585587
Sorry for the late reply

I have tried the above step, but im still getting this error??

any other suggestions?

Expert Comment

ID: 33604449
The steps I gave assume that your server's certificate matches the fully-qualified hostname of the email server you are using.

Try in Safari.  Do you get any warningings about the certificate?
And are you using the same address within entourage?

The steps I gave before will correct the problem where entourage always connects to and produces an error.  But the actual mailserver name still needs to match between the certificate and the name you have entered into entourage.

Author Comment

ID: 33606011
if I try the webmail address in safari, I get no warnings, just a box that pops up asking for username and password

Im not using the same address within entourage, Im using the IP of the exchange server

Expert Comment

ID: 33612478
Using an IP address in Entourage for the server is your problem.

Let's take a step back and go over one very important detail.  Every SSL certificate has a host name and/or IP address embedded internally inside the certificate.  Normally this is a host name and almost never is it an IP address.  Some SSL certificates have multiple names embedded, and some have wildcards embedded (e.g. *

The important point here is that this information is inside the certificate and cannot be changed by you, only by the email server admin who installed the cert on his server.  Server admins almost never use IP addresses inside the certificate.

When you access the email server that is using the certificate, then your _client software_ compares the address you are going to with the information inside the certificate.  The client software wants to see that if you are going to then the certificate from the server at that address should also contain embedded inside the cert.  If it does not, then you will get a warning like the one you have posted "the server name or IP address does not match the name or IP address on the server’s certificate".

So what you need to do is not use an IP address for the email server address.  In Entourage, you need to enter your mail server address using a name that is in the server's certificate.  If you are using a name to connect with Safari and are not getting any certificate warnings, then you probably should use the same name in Entourage.  You definitely should not use an IP address in Entourage--this works for connectivity but will not allow Entourage to match the cert's embedded name with the address Entourage is connecting to.

You can view the names in the certificate to validate that you will be getting a match by going to the secure site in Safari and clicking on the lock icon in the far upper right of the Safari window.  This will display the certificate for that page, and you want to look for the common name and any subject alternate names or else a wildcard.  You must be using an address in Entourage that matches one of these names.  


Author Closing Comment

ID: 33792570
No solved

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I work for a company that primarily works with small businesses as their outsourced IT vendor. As such the majority of these customers utilize some version of Small Business Server. Due to the economics of running a small business, many of these cus…
iCloud Drive was introduced after iOS 8 was launched last year. This drive is Apple’s online storage device that lets users sync their files and access them from all their Apple devices.   There is a lot of data that is not automatically backed up…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question