SSL Certificate Warning | Office 365 / Exchange & CloudFlare
Email warning popup relating to SSL and cannot verify the server identity message when using Outlook Apple Mail iPhone email

SSL Certificate Warning – Office 365 / Exchange Online and CloudFlare


Symptoms

  • Your device connects to your Office 365 / Exchange Online email account
  • The device pops up a security or SSL certificate warning complaining of:
    • an invalid name
    • “Cannot Verify Server Identity”
    • “A secure connection could not be established with the server”
    • or equivalent message
  • When you view the certificate details, you’re being issued an SSL certificate in the name of CloudFlare (cloudflare-dns.com)
  • You now scratch your head and wonder why CloudFlare is issuing certificates when you’re trying to talk to Microsoft Office 365

 

Cause and Remedy for SSL Certificate Warnings

CloudFlare is nothing to do with Office 365. So the question is, why does CloudFlare return a certificate when you were trying to communicate with Microsoft?

CloudFlare provide DNS services. Without technical detail, this is basically what makes the internet work, in the way most people understand and use it. DNS ensures that all your internet traffic reaches the correct destinations.

CloudFlare offers a service called DNS Proxying. In simple terms, it intercepts all requests to your domain (e.g your website). It then forwards them on to your web server if they look legitimate. So, any malicious attacks involving a denial-of-service for example (a big flood of traffic designed to stop your website from working) do NOT hit your website directly. They are hoovered up by CloudFlare and blocked.

If your nameservers are with CloudFlare (ask your IT people), you should log into CloudFlare and check to see if the autodiscover “A” record is being proxied. If so, CloudFlare is intercepting any requests by your device when it attempts to use this vital Microsoft autodiscover process, and passes it through to Microsoft. CloudFlare acts as a proxy.

This explains why you get a mismatch on the certificate and how CloudFlare is mysteriously getting in the way, even though we’re trying to talk to Microsoft. To be fair, it seems that most of the time it’s seamless and works fine anyway. But if you get repeated password prompts in Outlook or any kind of SSL certificate / security warning about an invalid certificate or mismatched name, this is likely to be the cause.

Since you don’t care if Microsoft receives a DoS attack, as it’s not your problem, it’s fine to turn off proxying for the autodiscover record on its own. This means that when your device attempts to retrieve email, it talks to the autodiscover service. But Cloudflare doesn’t intercept that request and hence you don’t get the SSL warning.

Real-Time Feedback

When we solve a support ticket, clients are given the choice of leaving good or bad feedback along with an optional comment. We post the 10 most recent comments here automatically and in real-time. You can view even more on our page.

Date Name Comments
Mar 30th Ed P The Purple Computing team were very assertive and timely in their help when we needed it to meet a tight deadline. We couldn't have achieved what we wanted without their patience and support and forever appreciate what they do for our business.
Mar 29th Garry H Issue sorted very quickly and efficiently
Mar 28th Sally T I'm not sure what the problem was, but when I took my computer to somewhere with stronger internet it updated and sorted itself out
Mar 24th Esther W Jack was excellent!
Mar 23rd Aimee M Hi Dean was brilliant very patient and helpful. The problem is now resolved.
Mar 23rd Lorna S Fast, great!
Mar 23rd Craig L Good service as per usual.
Mar 22nd Caroline W Extremely quick response, friendly and helpful! Thanks so much!
Mar 21st Mark H Really timely response - around 5 minutes after request submitted. Solved just as quick - apparently an old bug that Lochie was aware of and had the fix for so back up & running in 5 minutes. Great support, thank you Purple
Mar 21st Sally T Really fast reassuring service - thank you