Outbound TLS connections fail with certificate validation error
Last Updated October 19, 2010
Email messages to domains configured for TLS delivery are queued or delivered without encryption
2010 Jun 9 13:11:08 MDT (info) ecelerity:  Subject Common Name does not match host name
2010 Jun 9 13:11:08 MDT (info) ecelerity:  DNS Subject Alternative Name does not match host name
2010 Jun 9 13:11:08 MDT (notice) ecelerity:  ec_ssl_ctx 0x952d8f08 tls_verify_validca failed
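To check whether an MTA log contains this pattern, the lines above can be grouped into one event per failed validation. This is an added example, not Symantec's code. The function name is hypothetical, the unrelated log line is constructed, and attributing host-name mismatch lines to a failure logged in the same second is an assumption.

```python
import re
from datetime import datetime

# Constructed sample: the three lines quoted in the article plus one unrelated line.
SAMPLE_LOG = """\
2010 Jun 9 13:11:08 MDT (info) ecelerity:  Subject Common Name does not match host name
2010 Jun 9 13:11:08 MDT (info) ecelerity:  DNS Subject Alternative Name does not match host name
2010 Jun 9 13:11:08 MDT (notice) ecelerity:  ec_ssl_ctx 0x952d8f08 tls_verify_validca failed
2010 Jun 9 13:11:09 MDT (info) ecelerity:  unrelated constructed message
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<tz>\S+) "
    r"\((?P<level>\w+)\) ecelerity:\s+(?P<msg>.*)$")
FAIL_RE = re.compile(r"^ec_ssl_ctx (?P<ctx>0x[0-9a-fA-F]+) tls_verify_validca failed$")
MISMATCH_SUFFIX = "does not match host name"


def find_validation_failures(log_text):
    """Return one dict per 'tls_verify_validca failed' line, carrying the
    host-name mismatch reasons logged in the same second before it.
    Assumption: same-second lines belong to the same TLS handshake."""
    events, pending, pending_ts = [], [], None
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an ecelerity line in the quoted format
        ts = datetime.strptime(m["ts"], "%Y %b %d %H:%M:%S")
        msg = m["msg"].strip()
        if ts != pending_ts:  # new second: drop unclaimed mismatch lines
            pending, pending_ts = [], ts
        if msg.endswith(MISMATCH_SUFFIX):
            pending.append(msg[:-len(MISMATCH_SUFFIX)].strip())
            continue
        fail = FAIL_RE.match(msg)
        if fail:
            events.append({"time": ts, "tz": m["tz"],
                           "ctx": fail["ctx"], "reasons": pending})
            pending = []
    return events


if __name__ == "__main__":
    for ev in find_validation_failures(SAMPLE_LOG):
        print(ev["time"], ev["tz"], ev["ctx"], "; ".join(ev["reasons"]))
```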
The Brightmail Gateway MTA is failing to verify some otherwise valid TLS certificates. In some configurations this will cause negotiation of the transport layer security to fail.
This issue has been addressed with the Brightmail Gateway 9.0.2 release.
For earlier versions, as a workaround, TLS delivery can be configured to ignore failures in certificate validation.
Log in to the Control Center as an administrator
For each domain that requires TLS delivery:
Edit the domain
Under "Delivery" in "TLS Encryption" select "Require TLS encryption and don't verify certificate" or "Attempt TLS encryption"
Save your changes
The MTA will attempt to validate the certificate but ignore failures and continue to negotiate an encrypted connection.
Imported Document ID: TECH134036