During an SMTP connection over TLS, the Encryption Management Server mail log contains a warning entry if there is a mismatch between the remote host's DNS name and the CN (Common Name) of its certificate.
For example, if Encryption Management Server is configured to proxy email to mailhost1.example.com but that host has a certificate with a common name of mail.example.com, the mail log will contain a warning entry like this:
mailhost1.example.com (DNS name) presented a TLS certificate with domain name (mail.example.com), which does not match DNS name
In Encryption Management Server releases 10.5 and 10.5 MP1, this warning message contains the name of the remote host's issuing certificate (the CA certificate that issued it), not the name from the remote host's end entity certificate. For example:
mailhost1.example.com (DNS name) presented a TLS certificate with domain name (Sectigo RSA Domain Validation Secure Server CA), which does not match DNS name
Encryption Management Server 10.5 and 10.5 MP1.
Upgrade to release 10.5 MP2 or above. In release 10.5 MP2 the warning message contains the common name of the end entity certificate. For example:
mailhost1.example.com (DNS name) presented a TLS certificate with common name (mail.example.com), which does not match DNS name
EPG-22724
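To triage existing mail logs, the following added example (not the product's own code and not part of the original article) parses the warning text quoted above and flags entries whose reported name is not hostname-shaped, which on 10.5 and 10.5 MP1 suggests the issuing certificate's name was logged. The function names and the hostname heuristic are assumptions of this example; the sample lines are constructed from the messages quoted in this article.

```python
import re

# Warning text as quoted in this article. "domain name" is the wording shown
# for 10.5 / 10.5 MP1 and "common name" the wording shown for 10.5 MP2.
WARNING_RE = re.compile(
    r"(?P<host>\S+) \(DNS name\) presented a TLS certificate with "
    r"(?P<label>domain name|common name) \((?P<name>[^)]*)\), "
    r"which does not match DNS name"
)

# Syntactic check only (assumption of this example): dot-separated
# letter/digit/hyphen labels with an optional leading "*." wildcard.
HOSTNAME_RE = re.compile(
    r"^(\*\.)?([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$"
)


def classify(line):
    """Return (host, reported_name, verdict), or None if line is not the warning."""
    m = WARNING_RE.search(line)
    if m is None:
        return None
    name = m.group("name")
    if HOSTNAME_RE.match(name):
        # Hostname-shaped: consistent with an end entity CN that really
        # differs from the configured DNS name. Review the proxy target.
        verdict = "end-entity-name-mismatch"
    else:
        # Not hostname-shaped (for example a CA name): consistent with the
        # 10.5 / 10.5 MP1 behaviour of logging the issuing certificate's name.
        verdict = "likely-issuer-name"
    return m.group("host"), name, verdict


def triage(lines):
    """Classify every matching warning in an iterable of log lines."""
    return [r for r in (classify(l) for l in lines) if r is not None]


# Constructed sample input: the three messages quoted in this article plus
# one unrelated constructed line that must be ignored.
SAMPLE_LOG = [
    "mailhost1.example.com (DNS name) presented a TLS certificate with domain name (mail.example.com), which does not match DNS name",
    "mailhost1.example.com (DNS name) presented a TLS certificate with domain name (Sectigo RSA Domain Validation Secure Server CA), which does not match DNS name",
    "mailhost1.example.com (DNS name) presented a TLS certificate with common name (mail.example.com), which does not match DNS name",
    "constructed unrelated log line",
]

if __name__ == "__main__":
    for host, name, verdict in triage(SAMPLE_LOG):
        print(f"{host}: {name!r} -> {verdict}")
```

A "likely-issuer-name" verdict says only that the logged name cannot be compared with the DNS name; whether the end entity certificate matches still has to be checked after upgrading.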