Sender domain reports certificate expired when requesting the newly installed TLS certificate from the Symantec Messaging Gateway.

book

Article ID: 156535

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

You have recently installed a new certificate to the Symantec Messaging Gateway control center. It reports that it is good for at least a year. You have configured the software to utilize this certificate for TLS. One or more domains are reeporting that when they attempt TLS exchanges with the gateway, the certificate that they are handed has expired. You want to know how to resolve this.

Cause

The two most probable causes would be that the scanner didn't process the new certificate, or the reporting domain has cached the previous certificate data.

Resolution

To reprocess the certificate to the scanner, log into the control center and do the following:

  1. Click Administration
  2. Click  Configuration
  3. Edit the scanner configured for TLS
  4. Click the SMTP tab.
  5. Uncheck 'accept TLS' for the inbound MTA
  6. Click Save.
  7. Recheck 'accept TLS' for the inbound MTA
  8. Click Save.

 

If the information is cached on the sending domains end, then they will need to flush out that information.

If these options do not work, or do not apply in this instance, please contact  Symantec Technical  Support for further assistance.