Certificate Domain Mismatch Error
Contents |
Details
You may receive a "domain mismatch" warning or error when making a secure connection to the DreamHost mail servers (using mail.your_domain.com).
This is because DreamHost's mail server certificate (the NDN Certificate) is for the domain *.mail.dreamhost.com. A connection where the specified domain is mail.yourdomain.com will still be secure but mail programs may show a warning about the domains not matching.
In many mail programs you can examine the certificate sent from the server to your mail program, verify the information in it came from the DreamHost mail server, and choose to connect despite the domains not matching. You should only turn off this error if you trust that the server your are connecting to is the correct server.
You can try the solutions below to avoid receiving the "domain mismatch".
Solutions
Direct server
Connect to the mail server using the dreamhost.com server name instead of mail.your_domain.com.
Use these steps to determine what server name to use:
- In the DreamHost Control Panel, click the "Account Status" link in the top right corner.
- Look for the Email Cluster.
- Find your cluster in the table below.
- Use the server name for the incoming server in your mail program.
| Email Cluster | Server Name |
|---|---|
| homiemail-sub3 | sub3.homie.mail.dreamhost.com |
| homiemail-sub4 | sub4.homie.mail.dreamhost.com |
| homiemail-sub5 | sub5.homie.mail.dreamhost.com |
| homiemail-master | homie.mail.dreamhost.com |
Host File Modification
| The instructions provided in this article or section are considered advanced. You are expected to be knowledgeable in the UNIX shell. |
If you know what a "hosts" file is and have access to edit the one on your computer, you can add the IP of mail.yourdomain.com to your hosts file and point mail.dreamhost.com at it. YMMV if you ever need to access anything that's actually located on mail.dreamhost.com, but I haven't run across anything yet, personally.
Check with your operating system documentation for where the hosts file is located. Some versions of Windows have it stored in C:\windows\system32\drivers\etc\hosts
An example of the line to add to the hosts file is:
123.123.123.123 mail.dreamhost.com
Where 123.123.123.123 would be replaced with the IP address of mail.YourHostName.com. Afterwards, configure your email program to connect to mail.dreamhost.com instead of mail.YourHostName.com. (Be aware that you will not be able to connect to the 'real' mail.dreamhost.com using its hostname
Clients
There are various client-specific solutions, often involving turning off the warning about a domain mismatch.
There are solutions to other clients as well. If you have one, please list it here.
Thunderbird
- Thunderbird (a very elegant solution) May not be needed for Thunderbird 3.0 and later.
For Mozilla Thunderbird, check out this extension which adds a box to the warning dialog box to ignore that warning only. May not be needed for Thunderbird 3.0 and later. [Version 1.4.6 — February 17, 2008 — 95 KB, RMD will not be available for Firefox 3 (and Thunderbird 3). The new 'Security Exception' feature included in Firefox 3 means that RMD is no longer required.]
Evolution
The Evolution e-mail client will not even attempt to communicate with mail.dreamhost.com over IMAP/TLS unless you create aforementioned entry in the /etc/hosts file so that mail.dreamhost.com points to the IP address of mail.YOURDOMAIN.com. Evolution will simply fail to negotiate a SSL connection.
Outlook Express (Windows)
- Outlook Express, and potentially other Windows clients
Mail.app (Mac OS X)
- This comment at the blog post linked above gives solution for Mail.app (Mac OS X) This solution no longer works for Mac OS X 10.5 and above.
See Re-Trust SSL Cert for detailed discussion.
