DLP: Outbound email fails with "Downstream TLS Handshake Failed" with Mimecast as the Upstream MTA


Article ID: 175301


Updated On:

Products

Data Loss Prevention Network Prevent for Email

Issue/Introduction

Outbound email cannot be sent when using Network Prevent for Email with Mimecast as the upstream MTA. The failure is reported as:

Downstream TLS Handshake failed

reason=general SSLEngine problem

Cause

The next-hop mail server's certificates have not been added to the Network Prevent for Email server keystore.

Resolution

The DigiCert root and intermediate certificates for Mimecast can be downloaded here: https://www.digicert.com/digicert-root-certificates.htm#roots

Mimecast support confirmed the following certs are used to authenticate (as of June 28, 2019):

Root Certificate: DigiCert Global Root G2

Intermediate Certificate: DigiCert Global CA G2

For the steps to import public key certificates to the Network Prevent for Email Server keystore, refer to the product documentation:

v16.0.1 - Importing Public Key Certificates to the Network Prevent for Email Server Keystore

v16.0.0 - Importing Public Key Certificates to the Network Prevent for Email Server Keystore

v15.8.x - Symantec Data Loss Prevention MTA Integration Guide for Network Prevent for Email, Version 15.8
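An added example, not taken from this article or the product documentation: the shell functions below use openssl to show why a next-hop certificate only validates once both the root and the intermediate are trusted, and to report which required CA names are absent from a PEM bundle. The PEM bundle stands in for an export of the keystore contents, and the test chain, subjects and file names are all constructed for illustration.

```shell
#!/bin/sh
# Constructed example: every subject and file name below is made up for the demo.

# Create a key and CSR named $2 with common name $3 in directory $1.
new_csr() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

# Build a throwaway root -> intermediate -> leaf chain in directory $1.
make_chain() {
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  new_csr "$d" root "Constructed Root" && new_csr "$d" int "Constructed Intermediate" &&
    new_csr "$d" leaf "mta.example.test" || return 1
  # Self-signed root with explicit CA extensions.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
  # Intermediate CA signed by the root.
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null || return 1
  # Leaf (the next-hop MTA's certificate in this analogy) signed by the intermediate.
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Exit status 0 only if certificate $2 chains to the trust anchors in PEM bundle $1.
chain_trusted() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print each required CA name (arguments after $1) that matches no certificate
# subject in PEM bundle $1. Matching is a plain substring test on subject lines.
missing_cas() {
  bundle=$1; shift
  subjects=$(openssl crl2pkcs7 -nocrl -certfile "$bundle" |
    openssl pkcs7 -print_certs -noout | grep '^subject')
  for name in "$@"; do
    printf '%s\n' "$subjects" | grep -qF "$name" || printf '%s\n' "$name"
  done
}
```

Against a real PEM export of the trusted certificates, `missing_cas` would be called with the two certificate names listed in the Resolution section.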