My son’s school changed hosted email from Google apps to Microsoft 365.

With imap.googlemail.com and smtp.googlemail.com, avast Mail shield (for mac, latest version) was abel to scan the mail.

This fails for the MS servers (pod*…outlook.com where * is a number), apparently because the certs signing the MS
server certs are not in his Mac’s keychain.

Just opening the Mail Shiels Prefs and adding the pod*.outlook.com to the known SSL servers is NOT sufficient.

My question is: where do I get the relevant cert and how to install it?

Managing this gets to be a real pain.

/var/log/system.log reports:
Aug 13 16:33:13 vademacumpro proxy[60]: No common name matching host name (pod51024.outlook.com) found in peer certificate!

No-one? How do I find out where to get the certs for SSL IMAP servers that I need to add?

There is no wildcard CN entry *.outlook.com in the certificate, so you have to use outlook.com, not pod51024.outlook.com as the server name.