The outlook security certificate error arises when the security certificate used by your email server has expired or becomes invalid. The Cannot start Microsoft Outlook error means that the security certificate that your connected server was using cannot be verified. Moreover, this also means that there are no prior certificates available before the expiry period.

There are two aspects of updating the certificate: If you are an administrator, you need to update a new certificate. Whereas, if you are an end-user, then you may ask your admin to update the certificate. For a non-technical user, the error may seem hard to configure, but it is safe to click OK to the error message dialog box. 

So, in the next section, we will understand why does the Outlook certificate error occur.

When Does Outlook Security Certificate Error Occur?

While working with the IMAP Outlook account protected by Secure Socket Layer, many users encounter the pop-up message which says Internet Security Warning & Outlook Keeps Asking for Password which means that the server you connected to is unable to verify the security certificate. Other problems are:

  • Sometimes, the name in the certificate and the name used in the account settings remain unmatched.
  • This issue also arises when the user has attached a self-signed certificate that Outlook can not configure within.
  • Sometimes the address provided in the auto-discover file does not match the address in the server. 

The easiest way to fix the Outlook certificate error is to change the server name; if it is allowed by your mail provider.

How to Fix Security Certificate Error in Outlook?

The following procedures help to fix the security certificate error in Outlook by renaming your IP address. But first, you must know your IP address:

To know your server IP address:

  1. On your desktop, click on the Windows + R keys to open the Run command.
  2. Then type cmd.exe and click on the OK button.
  3. In the cmd.exe, type ping mail.yourservername.com to find your IP address. You can find the IP address associated with your server name.
  4. Now, cross-check the server name in the ping matches to that of the name of the certificate. 
  5. Use the resultant ping name in Outlook as the mail server name if the name is varied.

To justify the Outlook certificate error, you need to set the correct target principal name. Follow the given steps:

  1. To know the IP address, open Command Prompt and ping the incoming mail server. For example: put ping mail.yourname.com in the command prompt and note the Ping Statistics, showing the IP address.
  2. View the Outlook security certificate and note the server name mention under Issued To. 
  3. Edit the host file located in %windir%\system32\drivers\etc, and add a new line for the given IP address.
  4. Now, open the hosts’ file by double-clicking the hosts’ file and selecting the Notepad option to configure the Outlook certificate error.
  5. Then, enter the IP address with server name in the hosts’ file like this: 222.11.22.11 qazwsx.edc.co.nz
  6. Now, make an edit to Outlook account settings by changing the incoming and outgoing mail server to qazwsx.edc.co.nz

By the above procedure, you can solve the target principle name from both ends. If you are using a wildcarded certificate, the hosts file entry can be changed to preferred name.edc.co.nz. The wildcard will cover the name. 

Conclusion

The Outlook certificate error occurs when the name of the server and the certificate name remain unmatchable. Correcting the target principle name will help in diverting the mail server traffic directly to your mail server. Until your mail provider uses the valid certificate authority, the certificate will get trusted by itself. If you again encounter the error, then reconfigure the incoming and outgoing mail servers.