ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Messaging Gateway fails during TLS transaction to Office 365
Article ID: 172276
Updated On:
Products
Messaging Gateway
Issue/Introduction
- Symantec Messaging Gateway (SMG) is not able to communicate with Office 365 over a forced TLS connection
- Office 365 is set up with TLS connectors to SMG
- Turning off forced TLS in SMG does allow flow to work
Cause
Microsoft routinely updates their root CA certificates, in order to provide enhanced security and new cyphers.
Environment
Messaging Gateway
Office 365
Resolution
Get the current Certificate Authority root certificate
As of August 15, 2018, the current root certificates are listed in this article from Microsoft: How Exchange Online uses TLS to secure email connections in Office 365. Use this page to find out the current vendor for the root certificate and download from that vendor.
Example: On September 3, 2018, Office 365 is changing to GlobalSign Root CA – R1.
- Go to GlobalSign's root certificate page on their support.
- Download the R1 certificate.
- Convert the certificate to x509 if not in that format.
- Install the x509 certificate in the SMG.
After this point, if you turn on a forced TLS connection in the SMG, mail flow should return to normal.
For further information or troubleshooting if this fails, please contact Microsoft support.
Feedback
Yes
No
Powered by
