The flag PRXF_IGNORE_SEC_WARNING doesn’t work in MAPI \ CDO as it should.  The flag was introduced to support RPC over HTTP in the updated MAPI \ CDO that was released around the time of Exchange Server 2013’s release.  The flag is supposed to instruct the MAPI subsystem to use this flag RPC_C_HTTP_FLAG_IGNORE_CERT_CN_INVALID when configuring the connection to Exchange using RPC over HTTP.  However, due to a code defect, it only sets this flag on the connection to the Addressbook.  It doesn’t set this flag on the connection to the Exchange Server.  Therefore, it won’t ignore the certificate if the CN is invalid.

Additionally, RPC will not ignore certificates that come from a Certificate Authority that is not trusted.  This is by-design for RPC over HTTP.  This is generally true of self-signed certificates.  In this case you will have to fully trust the certificate to get around this limitation.  You can trust it by adding the certificate to the Trusted Certificate Authorities on the machine.  Note: You should only do this for certificates you trust.

Comments (2)

  1. tc says:

    has this been resolved with the Jan release of CDO?  

  2. No, this will likely never be fixed.  That's why I blogged it here.

Skip to main content