How to resolve certificate errors

Outlook may detect invalid server SSL certificates when connecting to your mailbox. If this happens, your Outlook status bar may display a Certificate Error notification:  

[Image: the Outlook status bar showing a Certificate Error warning and Disconnected state]

This error may occur because you are connected to a network that does not allow open connectivity to your mail server. 

Determine whether you are connected to the appropriate network as follows: while on Wi-Fi, open a web browser and navigate to a public website to see whether you are interrupted by a login process. If you are on the correct network and can otherwise reach the internet, the problem is most likely out of your control. Contact your organization's support team for further assistance with this network or service issue.

Resolve the error for on-premises servers with self-signed certificates

If your organization operates its own mail server, it may be using self-signed certificates that are not trusted by publicly known root certificate authorities. If so, and your administrator has enabled your device to install these certificates, take these steps: 

  1. Click on the status bar where it says Certificate Error.
  2. In the subsequent dialog, verify that the server name(s) are the correct servers that host your email. 
  3. If so, select Show certificate errors.
  4. View the displayed list of specific problems for each certificate.
  5. If the only problem is that the signing authority is not trusted, select View Certificate.
  6. Next (assuming that your administrator has enabled the installation of certificates) click the Install Certificate button to install the certificate.

Note

You may need to restart Outlook for certificate installation to take effect.

Other possible causes

Typically, the only actions you can take to resolve the error yourself are the ones described above: changing your network connection, or installing the self-signed certificate for on-premises hosted servers.

Other possible causes include misconfigured network proxy devices, DNS issues, or invalid/expired certificates installed on the network or email infrastructure services. Note that Outlook no longer allows connections to servers with invalid certificates.

(Admin) Provisioning devices with the Install Certificate option

Are you the administrator of an organization that operates its own email servers reliant on self-signed certificates? To enable your users to install certificates (as described above) you can publish the following registry value to your organization's devices:

  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Policies\Office\16.0\Outlook\Security

    • CertDialogAllowInstall (Type: DWORD, Value: 1)

This registry value will only enable the Install Certificate option when:

  • The server or service Outlook is connecting to is not Microsoft 365.  

  • The reason for the SSL validation error is an untrusted signing authority.  

    • If the certificate is invalid due to the date or hostname, the install option will not be available.

If you can instead push certificates to the trusted certificate store on the devices, this will save your users the steps above and prevent the problem from occurring.
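
To see in advance which of the conditions above a given mail server falls under, an administrator can classify the validation failure from a test machine. The following PowerShell is an added example, not part of the original article or any Microsoft tooling; the function name, server name and port are assumptions, and it does not check the Microsoft 365 condition.

```powershell
# Added example: classify why a mail server's TLS certificate fails validation.
# 'mail.example.com' and port 443 are placeholders (assumptions), not values from the page.
function Get-MailCertProblem {
    param(
        [Parameter(Mandatory)] [string] $ServerName,
        [int] $Port = 443
    )
    # Filled in by the validation callback. A hashtable is a reference type,
    # so the closure below writes into this same object.
    $seen = @{
        PolicyErrors = [System.Net.Security.SslPolicyErrors]::None
        ChainStatus  = @(); Subject = $null; NotAfter = $null
    }
    $callback = {
        param($origin, $cert, $chain, $policyErrors)
        $seen.PolicyErrors = $policyErrors
        if ($chain) { $seen.ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status }) }
        if ($cert)  { $seen.Subject = $cert.Subject; $seen.NotAfter = $cert.GetExpirationDateString() }
        $true   # accept only so the handshake completes for inspection; no mail data is sent
    }.GetNewClosure()

    $tcp = [System.Net.Sockets.TcpClient]::new($ServerName, $Port)
    try {
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false,
            [System.Net.Security.RemoteCertificateValidationCallback] $callback)
        $ssl.AuthenticateAsClient($ServerName)   # validates against $ServerName
        $ssl.Dispose()
    } finally { $tcp.Dispose() }

    $errs         = $seen.PolicyErrors
    $nameMismatch = $errs.HasFlag([System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)
    $dateInvalid  = $seen.ChainStatus -contains 'NotTimeValid'
    $untrusted    = $seen.ChainStatus -contains 'UntrustedRoot'
    # Any chain status other than an untrusted root or a date problem
    $other = @($seen.ChainStatus | Where-Object { $_ -notin 'UntrustedRoot', 'NotTimeValid', 'NoError' })

    $verdict = if ($errs -eq 'None') { 'Trusted: no certificate error expected' }
        elseif ($nameMismatch -or $dateInvalid) { 'Hostname or date problem: Install Certificate is not offered' }
        elseif ($untrusted -and $other.Count -eq 0) { 'Untrusted signing authority only: Install Certificate can apply' }
        else { 'Other chain problem: check the server certificate and network path' }

    [pscustomobject]@{
        Server = $ServerName; Subject = $seen.Subject; NotAfter = $seen.NotAfter
        PolicyErrors = $errs; ChainStatus = ($seen.ChainStatus -join ', '); Verdict = $verdict
    }
}
# Usage: Get-MailCertProblem -ServerName 'mail.example.com'
```

Run it from the same network your users are on, since a proxy or captive portal in the path changes which certificate is presented.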