search cancel

Error message "451 4.7.5 4.7.0 [internal] ssl cert must be signed by a valid ca"

book

Article ID: 162449

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

Symantec Messaging Gateway (SMG) is unable to deliver outbound emails to one or more domains with enforced TLS (require TLS encryption and verify certificate).

"451 4.7.5 4.7.0 [internal] ssl cert must be signed by a valid ca" can be seen in the Message Audit Log.

 

Cause

The destination domain presents a CA certificate, that the SMG is unable to verify, because it does not have the relevant root and/or intermediary certificates installed. This might happen, if the relevant certificates are corrupted or for any reason unavailable.

Resolution

It should be verified, that all necessary root and intermediary certificates of the CA certificates which the destination domain is using, are actually present on the SMG.

A potential workaround would be to use "Optional delivery encryption" options:

- Require TLS encryption and don't verify certificate

- Attempt TLS encryption