Microsoft to Outlook 2016 users: “Trust the certificate, and it all goes away…”

Of course, Microsoft never really said these words to the Mac users using Outlook 2016. Which is the best mail client available for the Mac by far, especially if you grew up with Outlook. If you ignore one error that hasn’t been fixed for ages.

When you are using Office 365 and your website isn’t hosted on the same server as the mail server, you run into a neat little problem. You get an SSL error, since Outlook 2016 is looking at the wrong server, and says “Hey, this SSL record is no good”. It happens whenever you don’t have an SSL certificate installed (get with the time people, me included) on your website, that isn’t hosted on Office365. Which is basically, every website error.

So, anyway, this error is pretty well known with the folks of Microsoft and instead of doing something about it, they’re telling people to just ignore the error. It’s okay. You can just click to always trust the certificate, and the problem is gone!

While that technically solves the problem, it’s not exactly the most security minded advice, Microsoft. How about an actual explanation on how to solve the problem when your site is hosted on your own server? A tip on how to re-issue the certificate? You’re just going to choose to focus on telling people to ignore warning messages in a time when that very same Outlook 2016 offers support for encryption and digital signing? Okay, then.

In case you’re wondering what I’m talking and ranting about, here’s the official KB article on the problem. Short. To the point. The security equivalent of “Did you try turning it on and off again?”

Enjoy the article in it’s full glory here.