Outlook Fails to Remember Security Certificate Exception

Adding an email account to Microsoft‘s Outlook email client program I was getting an error when the connection to the server was made.

There was a security exception. The certificate doesn’t match the domain which I’ve entered. Did I wish to accept it?

I am able to confirm the security exception and download the certificate from the mail server. I can chose to save it either locally or globally.

For the remainder of that day I had no further error messages and the connection to the mailbox continued to work, both sending and receiving emails.

However, next time when I restart the computer it’s all the same once more – deja vu! Outlook once more states the error, requiring the certificate to be downloaded again.

Outlook had not permanently saved the exception.

Is there a means to ensure that Outlooks remembers the certificate security exception?

I was unable to find documentation which showed this to be possible.

This does raise the question:

Why am I still seeing the certificate error message, given that I have already downloaded and set the exception?

I had configured Outlook with an email account for a domain hosted on a generic mail server.

The mail server is used to host lots of domains. Some of its configuration settings are therefore generic, not specific to one of the hosted domains. An example of this is the SSL certificate. Whenever I start the computer and open Outlook afresh I get an error message relating to the certificate being invalid.

The cause of the error is the certificate, it is a wildcard certificate for a domain, allowing it to be applied across a number of mail servers.

However, this is specific to the hosting infrastructure and doesn’t match the individual domains which are being hosted.

As I was configuring the mailbox to use a generic mailbox with representation for a domain I chose to configure the incoming and outgoing email server by its generic reference, which matched the domain given in the security certificate.

With this change made all was well. Now when I start the computer and open Microsoft outlook there is no error message reporting that the security certificate doesn’t match the domain.

To find the reference for the mail server I used the DNS dig command to get the IP address. For example

dig mail.example.com

I was then able to use the nslookup command to derive the name of the mail server from the IP address. For example: