Entourage Error

Posted on 2010-08-22
Last Modified: 2013-11-12
Everytime I open my entourage 2008 i get the error

“Unable to establish a secure connection to servername because the server name or IP address does not match the name or IP address on the server’s certificate. If you continue, the information you view and send will be encrypted, but will not be secure.”

If i click "OK" everything works 100% how can i get rid of this error?

 - I have tried importing the certificate into Keychain access manager
 - I have also tried turning off SSL in Account settings that takes the error away but then my mail does
    not work

Any Suggestions???
Question by:oasistechnical
LVL 53

Accepted Solution

strung earned 500 total points
ID: 33495410
Is sounds like the name of the certificate is not identical to the server name. Have you checked?

Expert Comment

ID: 33495453
Judging from your description, I had the same problem.

The problem is that Entourage tries to establish a secure connection to whatever IP address it finds in DNS for "".  In many organizations, goes to a hosting company where the public web site is located and which is not configured for security, so Entourage gets some other SSL certificate from the web host and that certificate does not match the domain name you have configured for your email account.  This causes the error.

Microsoft expects that will have a correct and valid SSL cert and will also have Exchange autoconfiguration information available.  There is no way to turn this off, but there is a work around.

I had a discussion a while back on Mactopia which you can read here:

I think this is one of the stupider "security features" I have seen in a while.

The work around is to edit /etc/hosts on your Mac.  You want to make your domain point to the IP address of your Exchange server.  The hosts file entry will take precedence over a DNS lookup, and so when Entourage tries to connect to the address of the domain, it instead goes to your Exchange server and gets the correct certificate.  This does presuppose that your Exchange server has a UCC SSL certificate that includes as a subject alternate name (which it should have).

So in hosts add a line like:

if you do not know the address to use, ping the full fully qualified domain name of your Exchange server and use that address  (e.g.  ping and add this address to hosts).


Expert Comment

ID: 33495471
The problem is that your email server is presenting you with a certificate that has one name, like "", but the address you are using to access the  server is different, e.g. "".  You can try changing the configuration of your mail account, so that the mail account uses the name that is in the certificate.  

However, it is likely that your service provider will need to install a new certificate in their server.  All you can do is complain to them.

Expert Comment

ID: 33495511
To clarify using the previous example, Entourage will be actually give this error when it looks for a certificate at "".  It will do this regardless of the hostname of the server, and regardless of the mail server itself having the correct certificate.  Whatever host resides at (with no hostname) must have the correct certificate.  If that is not possible (because it is a different server outside your control), then you need to make the entry in /etc/hosts  

Author Comment

ID: 33496130
Thanks for the reply evanmcnally

Im new to Mac could you tell me step by step how i would go about to "edit /etc/hosts on your Mac."

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.


Expert Comment

ID: 33496177
1. Go to Applications > Utilities > Terminal
2.  Type "sudo -s" and enter the password for your account.  This will give you root permission so you can edit the hosts file.
3.  type "cd /etc"
4.  type "nano hosts" to start editing the hosts file with nano.  You could use some other editor also.
5.  You'll see a column of IP addresses and next to them some host names.  Just insert a new line under the one that says "     localhost"
6.  Put in the IP address of your Exchange server, then hit tab or put in a few spaces and put your email domain name with no hostname portion (e.g. NOT
7.  Hit ctrl-x to exit and it will ask you to save, hit "y" for yes, then it will confirm the file name of "hosts" and you can just hit enter to confirm.
8.  You can confirm the change by typing "ping" and you should get a reply from the IP address of the Exchange server.


Author Comment

ID: 33585587
Sorry for the late reply

I have tried the above step, but im still getting this error??

any other suggestions?

Expert Comment

ID: 33604449
The steps I gave assume that your server's certificate matches the fully-qualified hostname of the email server you are using.

Try in Safari.  Do you get any warningings about the certificate?
And are you using the same address within entourage?

The steps I gave before will correct the problem where entourage always connects to and produces an error.  But the actual mailserver name still needs to match between the certificate and the name you have entered into entourage.

Author Comment

ID: 33606011
if I try the webmail address in safari, I get no warnings, just a box that pops up asking for username and password

Im not using the same address within entourage, Im using the IP of the exchange server

Expert Comment

ID: 33612478
Using an IP address in Entourage for the server is your problem.

Let's take a step back and go over one very important detail.  Every SSL certificate has a host name and/or IP address embedded internally inside the certificate.  Normally this is a host name and almost never is it an IP address.  Some SSL certificates have multiple names embedded, and some have wildcards embedded (e.g. *

The important point here is that this information is inside the certificate and cannot be changed by you, only by the email server admin who installed the cert on his server.  Server admins almost never use IP addresses inside the certificate.

When you access the email server that is using the certificate, then your _client software_ compares the address you are going to with the information inside the certificate.  The client software wants to see that if you are going to then the certificate from the server at that address should also contain embedded inside the cert.  If it does not, then you will get a warning like the one you have posted "the server name or IP address does not match the name or IP address on the server’s certificate".

So what you need to do is not use an IP address for the email server address.  In Entourage, you need to enter your mail server address using a name that is in the server's certificate.  If you are using a name to connect with Safari and are not getting any certificate warnings, then you probably should use the same name in Entourage.  You definitely should not use an IP address in Entourage--this works for connectivity but will not allow Entourage to match the cert's embedded name with the address Entourage is connecting to.

You can view the names in the certificate to validate that you will be getting a match by going to the secure site in Safari and clicking on the lock icon in the far upper right of the Safari window.  This will display the certificate for that page, and you want to look for the common name and any subject alternate names or else a wildcard.  You must be using an address in Entourage that matches one of these names.  


Author Closing Comment

ID: 33792570
No solved

Featured Post

Network it in WD Red

There's an industry-leading WD Red drive for every compatible NAS system to help fulfill your data storage needs. With drives up to 8TB, WD Red offers a wide array of solutions for customers looking to build the biggest, best-performing NAS storage solution.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We could spend the next millennium discussing the differences of the Mac and Windows platforms. The next century will continue to have fanatics on both side of the equation and neither side will win the war. However, that’s not why we are here. W…
iCloud Drive was introduced after iOS 8 was launched last year. This drive is Apple’s online storage device that lets users sync their files and access them from all their Apple devices.   There is a lot of data that is not automatically backed up…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now