Unable to send outbound email when using Network Prevent for Email and Mimecast
Downstream TLS Handshake failed
reason=general SSLEngine problem
Next-hop mail server certificates have not been added to Network Prevent for Email server.
Digicert Root and Intermediate Certificate for Mimecast can be downloaded here: https://www.digicert.com/digicert-root-certificates.htm#roots
Mimecast support confirmed the following certs are used to authenticate (as of June 28, 2019):
Root Certificate: DigiCert Global Root G2
Intermediate Certificate: DigiCert Global CA G2
For steps please refer to the product documentation:
v16.0.1 - Importing Public Key Certificates to the Network Prevent for Email Server Keystore
v16.0.0 - Importing Public Key Certificates to the Network Prevent for Email Server Keystore
v15.8.x - Symantec Data Loss Prevention MTA Integration Guide for Network Prevent for Email, Version 15.8
for importing public key certificates to the Network Prevent for Email Server keystore.