Some more recent versions of the Firefox and Chrome web browsers do not trust signed TLS certificates whose signing request was generated using the Messaging Gateway certificate configuration page. The signed certificate is considered insecure and invalid even though it has a valid certificate authority signature.
Certificate signing requests (CSR) generated by some versions of Messaging Gateway do not contain the subjectAlternativeName attribute which can be interpreted by more recent we browsers as less secure.
This has been resolved with the SMG 10.6.4 release. The subjectAlternativeName extended attribute will now be set for new CSRs. This will not, however, correct the web browser behavior with respect to existing signed certificates.
Google Chrome can be configured to use the certificate Subject Common Name (CN) when the Subject Alternative Name (SAN) is missing from the certificate. Please see TECH240507 for details.