NetTalk Central

Author Topic: Does certificate common name verification check Subject Alternative Name?  (Read 323 times)

vklemet

  • Newbie
  • *
  • Posts: 30
    • View Profile
Hi,

Our service provider updated certificates on our email server and our POP server address moved from common name to Subject Alternative Name in the certificate. This caused NetTalk to reject connection to the server when trying to receive emails with error: "The Remote TLS Certificate's Common Name (webmail.tietohippu.com) does not match the Server name (tietohippu.com). And so the connection failed to open NetSimple.TakeEvent"

Does Does certificate common name verification check Subject Alternative Name? And if not, should it check, as SAN is used to add more than one domain to certificate?

We are using server tietohippu.com on port 995. CN and SAN on certificate look like this (from https://www.sslchecker.com/sslchecker):

Common name:
webmail.tietohippu.com

SAN:
autodiscover.tietohippu.com, cpanel.tietohippu.com, cpcalendars.tietohippu.com, cpcontacts.tietohippu.com, tietohippu.com, webdisk.tietohippu.com, webmail.tietohippu.com, www.tietohippu.com

BR,
Vesa

« Last Edit: February 07, 2022, 12:40:30 AM by vklemet »

Jane

  • Full Member
  • ***
  • Posts: 249
  • Expert on nothing with opinions on everything.
    • View Profile
    • Email
Re: Does certificate common name verification check Subject Alternative Name?
« Reply #1 on: February 07, 2022, 01:02:24 PM »
What version of NetTalk?  I don't remember when Bruce added SAN support.

Seems to work with NT 12.35.



vklemet

  • Newbie
  • *
  • Posts: 30
    • View Profile
Re: Does certificate common name verification check Subject Alternative Name?
« Reply #2 on: February 07, 2022, 10:45:41 PM »
Thanks Jane!
It is a version problem. Some of our older apps are still NT10 and NT11. With NT12 it works, so it is time to update those apps. I should have noticed this myself.