Windows 10 Mail certificate errors

Hi community!

I'm using the Windows 10 Mail app with my personal IMAP-server using SSL, using an internal corporate CA Certificate (SHA256, trusted as Root CA by the clients), and a wildcard-certificate on my connection (also SHA256, mydomain.com and *.mydomain.com).

This formula worked like a charm for the Windows 8.1 Mail app, and still works perfect in Outlook 2013. Also Edge, Chrome and IE trust the wildcard-certificate perfectly without issues.

Only the Windows 10 Mail app complains that the certificate for imap.mydomain.com is invalid and refuses to collect or send my mail. I can push the button to collect mail anyhow, but the error keeps recurring and the app won't send any mail.

Translation from Dutch dialog: 

Untrusted certificate.

The certificate for imap.mydomain.com is invalid.

This can indicate an attempt to gain access to or theft of your data.

It's not recommended to connect to this server.

Do you want to connect anyway?

I once got the error code 0x80072f89 to appear, but can't really recreate that, so I'm not too sure this actually was 100% related.

Can anyone tell me how to fix this? Or how to debug the reason for certificate denial. Or point me into the direction to find what specific requirements exist for imap/smtp-certificates for Windows 10 Mail?

Thanks!

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

Hi,

Thank you for posting your query on Microsoft Community. 

 

The issue you posted would be better suited in the TechNet Forums; we would recommend posting your query in the TechNet Forums for further assistance:

https://social.technet.microsoft.com/Forums/en-US/home?forum=WinPreview2014General%2CWinPreview2015Phone&filter=alltypes&sort=lastpostdesc

Thank you. 

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hi,

Thank you for posting your query on Microsoft Community. 

The issue you posted would be better suited in the TechNet Forums; we would recommend posting your query in the TechNet Forums for further assistance:

https://social.technet.microsoft.com/Forums/en-US/home?forum=WinPreview2014General%2CWinPreview2015Phone&filter=alltypes&sort=lastpostdesc

Thank you. 

How would it be better to post on a locked forum on insider preview versions, when I have issues with the regular RTM build?

Thank you for your effort, but this is quite an unhelpful reply... 

6 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hi,

Thank you for posting your query on Microsoft Community. 

The issue you posted would be better suited in the TechNet Forums; we would recommend posting your query in the TechNet Forums for further assistance:

https://social.technet.microsoft.com/Forums/en-US/home?forum=WinPreview2014General%2CWinPreview2015Phone&filter=alltypes&sort=lastpostdesc

Thank you. 

How would it be better to post on a locked forum on insider preview versions, when I have issues with the regular RTM build?

Thank you for your effort, but this is quite an unhelpful reply... 

Oh, and on top of that: in the TechNet Windows 10 General forums, they state specifically that for issues regarding apps, one should go to the community.

https://social.technet.microsoft.com/Forums/en-US/8b921f2d-06cd-4b79-a049-aabafaee8b79/windows-10-forum-faq?forum=win10itprogeneral

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

crappy support!

I have the same issue

5 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I now have the most worthless workaround in place: disabling SSL/TLS altogether. Not really recommended though.

If you want to do this, there is a pitfall: even it you remove the check to indicate you don't want to use SSL, the Mail App will still try the SSL alternative first and still complain about the certificates before trying the non-SSL ports.

To mitigate that issue, you should add the non-ssl port numbers to the server names. imap.mydomain.com:143 and smtp.mydomain.com:587.

Some forums suggest you have to add another :1 behind that port, but that doesn't work at all.

2 people were helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Um... Same here... **** do I do?  (and how? Be kind to me pls) :-)

M

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Still not fixed.

Hilarious.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Just been troubleshooting this myself.

I use my own mail server, with a certificate which is signed by my own CA. I install my CA root certificate on machines which I want to use, which then normally automatically validates my various certificates (mail, web, etc). This has been working great.

Except now with the Windows 10 mail app.   It -appears- as though the Mail App doesn't honour Windows root certificates, where my CA root cert is installed.

On top of this there does not appear to be any bleeping way to get logging or advanced error information out of these apps to actually get to the bottom of this.

When creating a new mail account in the App I can accept my self-signed mail certificate, and all is dandy, until I refresh the mail certificate (an annual process); at which point I have to delete the account, and recreate it, since there is no way to tell the App to accept the new certificate; it just spams uninformative error messages.

Quite frankly, whoever is building these apps needs to get some additional training. These sort of issues are not acceptable in a commercial product by a major vendor.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

w10: search: Certificate -> open Microsoft Certificates Center (or run/Home->by typeing: cert->Local certs center)

once if you have a valid cert you can here choose what kind of it and import to there.

1 person was helped by this reply

·

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Thank you for your input, Peter, but Michael wrote he already added the certificate to the store.

As did I. 

So, an instruction how to add a certificate (without actually telling how to trust a Root Certificate) doesn't help. At all.

The issue is that all applications honor the trusted root certificate, but the Windows 10 Mail App apparently thinks it's smarter than the Trusted Root CA Certificates store and still doesn't trust our custom certificates.

That, or there may be another reason the certificates fail, but since there seems to be no logging output, we don't know what to fix...

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

 
 

Question Info


Last updated September 29, 2020 Views 21,480 Applies to: