Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Entourage Error

Posted on 2010-08-22
Medium Priority
Last Modified: 2013-11-12
Everytime I open my entourage 2008 i get the error

“Unable to establish a secure connection to servername because the server name or IP address does not match the name or IP address on the server’s certificate. If you continue, the information you view and send will be encrypted, but will not be secure.”

If i click "OK" everything works 100% how can i get rid of this error?

 - I have tried importing the certificate into Keychain access manager
 - I have also tried turning off SSL in Account settings that takes the error away but then my mail does
    not work

Any Suggestions???
Question by:oasistechnical
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 53

Accepted Solution

strung earned 1500 total points
ID: 33495410
Is sounds like the name of the certificate is not identical to the server name. Have you checked?

Expert Comment

ID: 33495453
Judging from your description, I had the same problem.

The problem is that Entourage tries to establish a secure connection to whatever IP address it finds in DNS for "".  In many organizations, goes to a hosting company where the public web site is located and which is not configured for security, so Entourage gets some other SSL certificate from the web host and that certificate does not match the domain name you have configured for your email account.  This causes the error.

Microsoft expects that will have a correct and valid SSL cert and will also have Exchange autoconfiguration information available.  There is no way to turn this off, but there is a work around.

I had a discussion a while back on Mactopia which you can read here:

I think this is one of the stupider "security features" I have seen in a while.

The work around is to edit /etc/hosts on your Mac.  You want to make your domain point to the IP address of your Exchange server.  The hosts file entry will take precedence over a DNS lookup, and so when Entourage tries to connect to the address of the domain, it instead goes to your Exchange server and gets the correct certificate.  This does presuppose that your Exchange server has a UCC SSL certificate that includes as a subject alternate name (which it should have).

So in hosts add a line like:

if you do not know the address to use, ping the full fully qualified domain name of your Exchange server and use that address  (e.g.  ping and add this address to hosts).


Expert Comment

ID: 33495471
The problem is that your email server is presenting you with a certificate that has one name, like "", but the address you are using to access the  server is different, e.g. "".  You can try changing the configuration of your mail account, so that the mail account uses the name that is in the certificate.  

However, it is likely that your service provider will need to install a new certificate in their server.  All you can do is complain to them.
Supports up to 4K resolution!

The VS192 2-Port 4K DisplayPort Splitter is perfect for anyone who needs to send one source of DisplayPort high definition video to two or four DisplayPort displays. The VS192 can split and also expand DisplayPort audio/video signal on two or four DisplayPort monitors.


Expert Comment

ID: 33495511
To clarify using the previous example, Entourage will be actually give this error when it looks for a certificate at "".  It will do this regardless of the hostname of the server, and regardless of the mail server itself having the correct certificate.  Whatever host resides at (with no hostname) must have the correct certificate.  If that is not possible (because it is a different server outside your control), then you need to make the entry in /etc/hosts  

Author Comment

ID: 33496130
Thanks for the reply evanmcnally

Im new to Mac could you tell me step by step how i would go about to "edit /etc/hosts on your Mac."


Expert Comment

ID: 33496177
1. Go to Applications > Utilities > Terminal
2.  Type "sudo -s" and enter the password for your account.  This will give you root permission so you can edit the hosts file.
3.  type "cd /etc"
4.  type "nano hosts" to start editing the hosts file with nano.  You could use some other editor also.
5.  You'll see a column of IP addresses and next to them some host names.  Just insert a new line under the one that says "     localhost"
6.  Put in the IP address of your Exchange server, then hit tab or put in a few spaces and put your email domain name with no hostname portion (e.g. NOT
7.  Hit ctrl-x to exit and it will ask you to save, hit "y" for yes, then it will confirm the file name of "hosts" and you can just hit enter to confirm.
8.  You can confirm the change by typing "ping" and you should get a reply from the IP address of the Exchange server.


Author Comment

ID: 33585587
Sorry for the late reply

I have tried the above step, but im still getting this error??

any other suggestions?

Expert Comment

ID: 33604449
The steps I gave assume that your server's certificate matches the fully-qualified hostname of the email server you are using.

Try in Safari.  Do you get any warningings about the certificate?
And are you using the same address within entourage?

The steps I gave before will correct the problem where entourage always connects to and produces an error.  But the actual mailserver name still needs to match between the certificate and the name you have entered into entourage.

Author Comment

ID: 33606011
if I try the webmail address in safari, I get no warnings, just a box that pops up asking for username and password

Im not using the same address within entourage, Im using the IP of the exchange server

Expert Comment

ID: 33612478
Using an IP address in Entourage for the server is your problem.

Let's take a step back and go over one very important detail.  Every SSL certificate has a host name and/or IP address embedded internally inside the certificate.  Normally this is a host name and almost never is it an IP address.  Some SSL certificates have multiple names embedded, and some have wildcards embedded (e.g. *

The important point here is that this information is inside the certificate and cannot be changed by you, only by the email server admin who installed the cert on his server.  Server admins almost never use IP addresses inside the certificate.

When you access the email server that is using the certificate, then your _client software_ compares the address you are going to with the information inside the certificate.  The client software wants to see that if you are going to then the certificate from the server at that address should also contain embedded inside the cert.  If it does not, then you will get a warning like the one you have posted "the server name or IP address does not match the name or IP address on the server’s certificate".

So what you need to do is not use an IP address for the email server address.  In Entourage, you need to enter your mail server address using a name that is in the server's certificate.  If you are using a name to connect with Safari and are not getting any certificate warnings, then you probably should use the same name in Entourage.  You definitely should not use an IP address in Entourage--this works for connectivity but will not allow Entourage to match the cert's embedded name with the address Entourage is connecting to.

You can view the names in the certificate to validate that you will be getting a match by going to the secure site in Safari and clicking on the lock icon in the far upper right of the Safari window.  This will display the certificate for that page, and you want to look for the common name and any subject alternate names or else a wildcard.  You must be using an address in Entourage that matches one of these names.  


Author Closing Comment

ID: 33792570
No solved

Featured Post

[Webinar] Lessons on Recovering from Petya

Skyport is working hard to help customers recover from recent attacks, like the Petya worm. This work has brought to light some important lessons. New malware attacks like this can take down your entire environment. Learn from others mistakes on how to prevent Petya like worms.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Set up iPhone and iPad email signatures to always send in high-quality HTML with this step-by step guide.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question