• Mail flow from the Symantec Messaging Gateway (SMG) to a Office 365 host has stopped
• SMG has valid TLS certificates

454 Certificate Expired

TLS unable to complete the verification against Office 365 server because the Office 365 Certificate is expired/invalid/misconfigured.
 

Workaround

• Temporarily change the protocol operation for the domain in question: Protocols > Domains > "UserDomain" > Delivery > RLS Encryption Section
• Change the radio button to "Require TLS encryption and don't verify certificate"

Solution

• Solution is to contact Microsoft for resolution of the certificate issue in the Office 365 configuration.