SSL certificate authentication on Outlook 365 (cloud)

We can send emails using an Office 365 account from third-party devices using STARTTLS encryption on a SMTP server (port 587).

The device I am using does not support STARTTLS, only plain vanilla SMTP (port 25) or an SSL certificate type connection. How can I activate SSL certificates for my Office 365 account?

This page outlines three alternatives to use in such a situation, however :

  • Option 1: My device is not compatible
  • Option 2: I need to send to users outside of my domain
  • Option 3: I don't know the IP addresses of my devices (there are many), and even if I did the addresses are susceptible to change. Also requires setting up a 3rd party server/service which is not desirable.

In outlook (the desktop app) it is possible to authenticate with an SMTP server by installing an SSL certificate. How can I render the Outlook 365 server compatible with SSL authentication?

1

2 Answers

"TLS" is just the name for the newer version of "SSL". Reference.

Office 365 supports TLS and STARTTLS on port 587. Their website says "TLS/StartTLS", however, only STARTTLS is support as mentioned by @Robert in the comments.

With the program/service/device that only has SSL and insecure SMTP: try using SSL with port 587. If you cannot sent e-mails, that means the software does not support the minimum SSL/TLS version that Office 365 requires. There's no way to fix this unless the software has a newer version with TLS/STARTTLS support that you can upgrade to.

Not a recommendation, but a workaround: In Outlook, you might be able to install the certificate into Certificate Manager. When you see the certificate prompt, open it up and Export it as a P7B or PFX (preferred) file. Then go to Start->Search for "certmgr.msc". Go into Personal->Certificates, right-click and Import the certificate you exported. Restart Outlook. Not a guarantee to work, but has worked for me in the past in one-off situations.

If all else fails, I recommend setting up an intermediary/relay SMTP server on the network to handle this. I know you specifically mentioned this is not desired, but mentioning it here as a possible solution if you can't get anything else to work. E-mails will flow into the relay, then it will forward those through the Office 365 SMTP address using TLS/STARTTLS on port 587. Make sure to lock it down - restrict access by IP address and enforce other security recommendations, otherwise outside users could use it for spam/phishing.

If you have a Windows Server, the SMTP role is on all editions. With Linux you have many options as well.

3

Sounds like it is an Office 365 SSL encrypt issue. Tried some research and found that this article Plan for third-party SSL certificates for Microsoft 365 describes that to encrypt communications between your clients and the Microsoft 365 environment, third-party Secure Socket Layer (SSL) certificates must be installed on your infrastructure servers.

By the way, have you ever tried to post your issue to the Dedicated Office365 Forum? Maybe the support there got more specific information about that?

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like