KB N°2799: CERTIFICATE ERROR FOR ENTITLEMENT.DIAGNOSTICS.OFFICE.COM (WITH OUTLOOK)

Published November 15, 2023

Outlook displays a certificate error for entitlement.diagnostics.office.com

Context

 

Outlook displays a certificate-related "Security Alert" for entitlement.diagnostics.office.com, stating that the certifcat is issued by olfeo.com.

 

 

Procedure

 

The certificate for the Nginx web server installed on the Olfeo server is displayed because the Microsoft DNS record for entitlement.diagnostics.office.com contains the IP 0.0.0.0.

 

root@machine:/# host entitlement.diagnostics.office.com
entitlement.diagnostics.office.com is an alias for ods-entitlement.trafficmanager.net.
ods-entitlement.trafficmanager.net is an alias for ods-entitlement-weur-web.cloudapp.net.
ods-entitlement-weur-web.cloudapp.net has address 0.0.0.0

 

The 0.0.0.0 resolution causes the proxy to query Nginx, which is listening locally, hence the incorrect certificate. We recommend that you override the proxy for entitlement.diagnostics.office.com, as the expected response will not be received due to the resolution (0.0.0.0), and it is certainly a request that the workstation must execute locally.