This article contains supportability information regarding Secure Sockets Layer (SSL) Unified Communications Certificates (sometimes called multi-domain SSL certificates) and email delivery using Symantec Messaging Gateway 10.5.x.
Email delivery to a non-local domain may fail when TLS-encrypted delivery is required and verification of the certificate is enabled.
The Message Audit Log (MAL) shows the following error:
451 4.7.5 [internal] remote node ssl certificate not signed by a valid ca
Furthermore, a debug-level log of the Mail Transfer Agent (MTA) will show the following additional details:
2014 Jul 7 11:47:02 CEST (info) ecelerity:  Subject Common Name not found
2014 Jul 7 11:47:02 CEST (notice) ecelerity:  ec_ssl_ctx 0xd15e9fc0 tls_verify_validca failed
Symantec Messaging Gateway requires that multi-domain (UCC, SAN) certificates contain a valid Common Name (CN) in the Subject field.
To resolve this behaviour, generate a new certificate with the CN field present and populated with valid data.
Below is an example of a (self-signed) multi-domain certificate satisfying all requirements for Messaging Gateway.
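One way to generate and pre-check such a certificate with OpenSSL, as an added example that is not part of the original article or of Messaging Gateway. The host names, file names and function names are constructed for illustration, and OpenSSL 1.1.1 or later is assumed (for -addext). The script creates one multi-domain certificate with a Subject CN and one SAN-only certificate with an empty Subject, then flags the one that lacks a CN.

```sh
#!/bin/sh
# Added example, not from the original article. Host names are constructed.
# Assumes OpenSSL 1.1.1 or later (needed for -addext).

# make_cert PREFIX SUBJECT SAN_LIST
# Writes a self-signed certificate to PREFIX.pem and its key to PREFIX.key.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "$2" -addext "subjectAltName=$3" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# has_cn FILE
# Succeeds only if the certificate Subject carries a non-empty CN attribute.
has_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        grep -Eq '(^subject= ?|[,+])CN=[^,+]'
}

# san_count FILE
# Prints the number of DNS names listed in the certificate.
san_count() {
    openssl x509 -in "$1" -noout -text | grep -o 'DNS:[^,]*' | wc -l | tr -d ' '
}

# check_cert FILE
# Prints a one-line verdict; returns non-zero when the Subject CN is missing.
check_cert() {
    if has_cn "$1"; then
        echo "OK   $1: Subject CN present, $(san_count "$1") SAN DNS name(s)"
    else
        echo "FAIL $1: no Subject CN, $(san_count "$1") SAN DNS name(s)"
        return 1
    fi
}

# Demonstration on two constructed certificates in a scratch directory.
tmp=$(mktemp -d)
SAN="DNS:mail.example.com,DNS:smtp.example.net"
make_cert "$tmp/with_cn" "/O=Example/CN=mail.example.com" "$SAN"  # CN + SANs
make_cert "$tmp/san_only" "/" "$SAN"                              # empty Subject
check_cert "$tmp/with_cn.pem"
check_cert "$tmp/san_only.pem" || true
rm -rf "$tmp"
```

Running check_cert against a PEM copy of a certificate before it is deployed shows whether it meets the CN requirement described above.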