After updating Windows 10 Home to version 21H2, Outlook 2007 incoming mail via POP3 port 995 is interrupted by the Internet Security warning: “The server you are connected to is using a security certificate that cannot be verified. The target principal name is incorrect. Do you want to continue using this server (Yes/No)?” The certificate that cannot be verified is “GlobalSign GCC R3 DV TLS CA 2020” made to “mail.hispeed.ch”.
I had no such issue with version 21H1! I have tried configuring the connection using IMAP but get the same warning. For the time being I am using port 110 (without SSL encryption) which runs without problem. Is anyone in this community have the same experience or and understanding of what’s causing the issue I have with Outlook?
EnglishSSL certificate issue with Outlook
The IMAP certificate looks correct:
`openssl s_client -showcerts -connect mail.hispeed.ch:993 -servername mail.hispeed.ch
CONNECTED(00000003)
depth=2 OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign GCC R3 DV TLS CA 2020
verify return:1
depth=0 CN = mail.hispeed.ch
verify return:1
Certificate chain
0 s:CN = mail.hispeed.ch
i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign GCC R3 DV TLS CA 2020
—–BEGIN CERTIFICATE—–
MIIGnTCCBYWgAwIBAgIMMI2FLu34h97KtAKgMA0GCSqGSIb3DQEBCwUAMFMxCzAJ
BgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSkwJwYDVQQDEyBH
bG9iYWxTaWduIEdDQyBSMyBEViBUTFMgQ0EgMjAyMDAeFw0yMTEwMDQxNjE0MzFa
Fw0yMjExMDUxNjE0MzFaMBoxGDAWBgNVBAMTD21haWwuaGlzcGVlZC5jaDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOFsKOx2mZmGyWPXd4CjqjQeud4/
SUGkXWInNdOKSzxbCz/0sRXgKFlCoaONQ8he09MlLkFJHnoBpc3v5xpqje3BRK+S
7mybR2JsZGwNMH0tiSGh4f6jJvdJxYQbftM74wmtfeSrqK6qkcx44eA6lzs9OJJ4
TNmuPRhxsvmA8lOe+WaTY98KOGjelnwJ0P9EvJh7ArEV0VDCzXT7yR8TP5idW6bQ
ZEZRg2TqA904HG5SzDlN0s6BVgsPay/ej0qo+fs+adLUFaB86EX28S6c6ks8kOmj
QvFMHN9Fkd7gKhZUHVyPS4mGFRXpiqwro5dl1WCOKkvXF+wYPYNrQgaiFU8CAwEA
AaOCA6gwggOkMA4GA1UdDwEB/wQEAwIFoDCBkwYIKwYBBQUHAQEEgYYwgYMwRgYI
KwYBBQUHMAKGOmh0dHA6Ly9zZWN1cmUuZ2xvYmFsc2lnbi5jb20vY2FjZXJ0L2dz
Z2NjcjNkdnRsc2NhMjAyMC5jcnQwOQYIKwYBBQUHMAGGLWh0dHA6Ly9vY3NwLmds
b2JhbHNpZ24uY29tL2dzZ2NjcjNkdnRsc2NhMjAyMDBWBgNVHSAETzBNMEEGCSsG
AQQBoDIBCjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNv
bS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwCQYDVR0TBAIwADBBBgNVHR8EOjA4MDag
NKAyhjBodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL2dzZ2NjcjNkdnRsc2NhMjAy
MC5jcmwwdgYDVR0RBG8wbYIPbWFpbC5oaXNwZWVkLmNogg9zbXRwLmhpc3BlZWQu
Y2iCDnBvcC5oaXNwZWVkLmNogg9pbWFwLmhpc3BlZWQuY2iCD3lvdXIuaGlzcGVl
ZC5jaIIXcmVnaXN0cmF0aW9uLmhpc3BlZWQuY2gwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFA2YwHN/q7292UdLSa0KSgysPsd8MB0G
A1UdDgQWBBQkzyEiwRp2gyrc+jHCaMaGaL+2ujCCAX0GCisGAQQB1nkCBAIEggFt
BIIBaQFnAHYAb1N2rDHwMRnYmQCkURX/dxUcEdkCwQApBo2yCJo32RMAAAF8TBXs
bwAABAMARzBFAiBj+YJt3IchwnoNKaKKOho0JghvrA3SIttYnN8ynBng6QIhAI8a
fGn7TNqiTGBGGQECpkfaiHI2GSiMQixoM6G1LuTgAHYAKXm+8J45OSHwVnOfY6V3
5b5XfZxgCvj5TV0mXCVdx4QAAAF8TBXsbgAABAMARzBFAiBo2u7m4GuSRGjaGaYt
6jINiiDBoL2fl6odfXwpM6N5PgIhALHL99rVxi/KMwkhCXA0AP7/4pR+hZ+phxxv
vNlCcdeyAHUAVYHUwhaQNgFK6gubVzxT8MDkOHhwJQgXL6OqHQcT0wwAAAF8TBXs
lQAABAMARjBEAiBn/hjFz082g/1uzOAMEJJPz2BJJSuizo7C4f8hMLEBWgIgGcaU
IT+4Dpv5aXnlO5ABh7gDLFhTNIfWZXeZQ7bktoQwDQYJKoZIhvcNAQELBQADggEB
AJiW0ggBx52XobYWOyGbvi0b4NFTUJMkTetd439i9/tHA7/1rQYl8apxOIA0c4Tp
P9mqeGmSuA8bGPb5joUTlgTfVnSmg9AuD317Jg62rLhHWgQu3b3hPXle/rPBhmbW
6aox2iU8RqBi8PWvEF4tm4s8JwDPbc3S2ZGqT6EA3NhQmUI0grBPtpp9oqyysYrE
9f8MLC0ht4RVHqMoYmq+CbigMzJqhWq0G6BqmtdNRHQ4b6NwvOy4KpUX0qfOy/AH
g3ejf9pRLHeg0+twExafJcYvilOSms8wbS1blGaKKOOqlqIXNv8nzK2YTrRlg13/
zftqNw1gzXjSKMd/oG8FJqc=
—–END CERTIFICATE—–
1 s:C = BE, O = GlobalSign nv-sa, CN = GlobalSign GCC R3 DV TLS CA 2020
i
U = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
—–BEGIN CERTIFICATE—–
MIIEsDCCA5igAwIBAgIQd70OB0LV2enQSdd00CpvmjANBgkqhkiG9w0BAQsFADBM
MSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xv
YmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0yMDA3MjgwMDAwMDBaFw0y
OTAzMTgwMDAwMDBaMFMxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWdu
IG52LXNhMSkwJwYDVQQDEyBHbG9iYWxTaWduIEdDQyBSMyBEViBUTFMgQ0EgMjAy
MDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKxnlJV/de+OpwyvCXAJ
IcxPCqkFPh1lttW2oljS3oUqPKq8qX6m7K0OVKaKG3GXi4CJ4fHVUgZYE6HRdjqj
hhnuHY6EBCBegcUFgPG0scB12Wi8BHm9zKjWxo3Y2bwhO8Fvr8R42pW0eINc6OTb
QXC0VWFCMVzpcqgz6X49KMZowAMFV6XqtItcG0cMS//9dOJs4oBlpuqX9INxMTGp
6EASAF9cnlAGy/RXkVS9nOLCCa7pCYV+WgDKLTF+OK2Vxw3RUJ/p8009lQeUARv2
UCcNNPCifYX1xIspvarkdjzLwzOdLahDdQbJON58zN4V+lMj0msg+c0KnywPIRp3
BMkCAwEAAaOCAYUwggGBMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUDZjA
c3+rvb3ZR0tJrQpKDKw+x3wwHwYDVR0jBBgwFoAUj/BLf6guRSSuTVD6Y5qL3uLd
G7wwewYIKwYBBQUHAQEEbzBtMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcDIuZ2xv
YmFsc2lnbi5jb20vcm9vdHIzMDsGCCsGAQUFBzAChi9odHRwOi8vc2VjdXJlLmds
b2JhbHNpZ24uY29tL2NhY2VydC9yb290LXIzLmNydDA2BgNVHR8ELzAtMCugKaAn
hiVodHRwOi8vY3JsLmdsb2JhbHNpZ24uY29tL3Jvb3QtcjMuY3JsMEcGA1UdIARA
MD4wPAYEVR0gADA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWdu
LmNvbS9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAy8j/c550ea86oCkf
r2W+ptTCYe6iVzvo7H0V1vUEADJOWelTv07Obf+YkEatdN1Jg09ctgSNv2h+LMTk
KRZdAXmsE3N5ve+z1Oa9kuiu7284LjeS09zHJQB4DJJJkvtIbjL/ylMK1fbMHhAW
i0O194TWvH3XWZGXZ6ByxTUIv1+kAIql/Mt29PmKraTT5jrzcVzQ5A9jw16yysuR
XRrLODlkS1hyBjsfyTNZrmL1h117IFgntBA5SQNVl9ckedq5r4RSAU85jV8XK5UL
REjRZt2I6M9Po9QL7guFLu4sPFJpwR1sPJvubS2THeo7SxYoNDtdyBHs7euaGcMa
D/fayQ==
—–END CERTIFICATE—–
Server certificate
subject=CN = mail.hispeed.ch
issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign GCC R3 DV TLS CA 2020
—
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
SSL handshake has read 3413 bytes and written 433 bytes
Verification: OK
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 94E3E60C09C67A91BDEBCC60B14F6259ED4C47A31BFBA41C9768F187005F32E9
Session-ID-ctx:
Master-Key: 6FECF4B3DBE7BAEEF033A08AF31A7D75B60913CCF0D026859FBAC523D49613AF9F44DA2E33D2DAB801E240426B31EF3F
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1659864459
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: yes
- OK [CAPABILITY IMAP4rev1 LOGIN-REFERRALS ID ENABLE AUTH=PLAIN] Dovecot ready.`
But I think it might be an Office 2007 issue, which doesn’t (anymore) support the current certificate standards. I suggest upgrading to at least Office 2019.
Thanks Pato for your feedback. I will consider your suggestion to upgrade my version of Office assuming that it would resolve the issue I have with Outlook. Nonetheless … surprisingly, I do not come across that issue on my second computer which is at version 21H1 of Windows 10 and with an identical installation of Outlook 2007 (same accounts, same configuration). That fact leads me to believe the issue is caused by a change made in version 21H2 of Windows 10. As it is unlikely that I obtain support from Microsoft for this case, I’ll just try from time to time to use port 995 (or 993) and see whether it works again. Thanks anyway.