On 2026-06-17 at 04:00:42 UTC-0400 (Wed, 17 Jun 2026 10:00:42 +0200)
Dan Malm via mailop <[email protected]>
is rumored to have said:
Hi,
At around 06:00 UTC this morning deliveries to hotmail/outlook and
some other microsoft hosted domains started failing with certificate
errors... Openssl shows me this on multiple different machines in
multiple locations (:
❯ echo QUIT | openssl s_client -quiet -starttls smtp -connect
hotmail-com.olc.protection.outlook.com:25
Connecting to 52.101.9.25
depth=1 C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation,
CN=mail.protection.outlook.com
verify return:1
I'm not the only one seeing this, am I?
Confirmed with sslscan & openssl s_client.
I am not sure what the problem is with the chain, as the intermediate
(or one with the same name) is sent by the server and it is signed by
"DigiCert Global Root CA" which matches the name of a certificate in the
"System Roots" of macOS.
Having instigated a very similar problem on a less active service once
by neglecting to see if a new cert issued by a cert with the same name
as the existing intermediate was issued with a new actual cert, I cannot
criticize...
--
Bill Cole
[email protected] or [email protected]
(AKA @[email protected] and many *@billmail.scconsult.com
addresses)
Please keep discussion mailing list replies *on-list*
Not Currently Available For Hire
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop