Sender domain reports certificate expired when requesting the newly installed TLS certificate from the Symantec Messaging Gateway.


Article ID: 156535


Updated On:


Messaging Gateway


You have recently installed a new certificate to the Symantec Messaging Gateway control center. It reports that it is good for at least a year. You have configured the software to utilize this certificate for TLS. One or more domains are reeporting that when they attempt TLS exchanges with the gateway, the certificate that they are handed has expired. You want to know how to resolve this.


The two most probable causes would be that the scanner didn't process the new certificate, or the reporting domain has cached the previous certificate data.


To reprocess the certificate to the scanner, log into the control center and do the following:

  1. Click Administration
  2. Click  Configuration
  3. Edit the scanner configured for TLS
  4. Click the SMTP tab.
  5. Uncheck 'accept TLS' for the inbound MTA
  6. Click Save.
  7. Recheck 'accept TLS' for the inbound MTA
  8. Click Save.


If the information is cached on the sending domains end, then they will need to flush out that information.

If these options do not work, or do not apply in this instance, please contact  Symantec Technical  Support for further assistance.