We're trying to roll out Office 2016, and we've been having a certificate issue when setting up Outlook 2016 for the first time. When it tries to connect, it's asking to trust a cert that has nothing to do with our exchange server. Has anyone else experienced this? How did you resolve the issue?
It's pretty common from what i've heard....
We have that issue here, because our old email server and/or ADFS uses a certificate with a hostname mismatch....
In our case, I added a section in my postinstall script that injects the certificate into the System Keychain and sets it as trusted.
I see the same issue with my Office 365 Exchange accounts because Outlook is first checking autodiscover.talkingmoose.net, which has no certificate associated with it. I have no certificate for my top level domain.
My understanding is this has something to do with Outlook now using Apple's CFNetwork Framework instead of its own (as Outlook 2011 did). Not sure how or why, but that's what I was told.
Complain to your Microsoft Technical Account Manager. I've complained to my contacts at Microsoft but they don't see to share my concern.
if you had a certificate called "SOME_CERTIFICATE.cer" located in the folder "/tmp",
the code would look like this (assuming you had a hosname mismatch like i do)
/usr/bin/security -v add-trusted-cert -r trustAsRoot -e hostnameMismatch -d -k /Library/Keychains/System.keychain /tmp/SOME_CERTIFICATE.cer
If you were to do this command on it's own, you would need a 'sudo' before it, but since I use it in a package post install script, it has elevated privileges
This issue occurs in Outlook 2016 for Mac version 15.9 and later versions when Outlook performs an Autodiscover operation and tries to connect to a service endpoint whose expected name is not present on the server's Secure Sockets Layer (SSL) certificate.
Resolution (excluded pushing certificate method, a workaround instead of a solution)
Reissue a certificate that includes the domain name as the Subject Alternative Name. This enables you to resolve the issue for all Outlook for Mac clients without having to trust the certificate from each client individually.