I have had a bit of a worrying issue with some of my outlook clients recently.
My ssl cert expired recently so I updated it. The cert is self signed but I have imported the CA from my Zimbra machine into my windows clients certification store (by converting it to a .pfx and using the MS certutil.exe to import it).

  • Most clients saw the new cert
  • Some of my Outlook clients continued to throw up warnings that the IMAP ssl had issues and on inspecting the certificate the old certificate was presented
  • The WEB UI (https) was OK on the affected machines (no warning new cert used)
  • Changing the IMAP to IP address gave a name error but received the correct cert.

To fix the issue I had to do the following:-

  1. Change the affected clients to use IP address to connect to the IMAP
  2. Re-start Outlook
  3. Change IMAP settings back to FQDN (full name)

After this all was OK and the Outlook clients behaved. The worrying thing is that it appears some of my Outlook clients are caching the Zimbra SSL cert. Surely that can’t be right?