01-09-2020 08:13 AM
Hi,
I've set up TLS and a certificate on my Cisco C170. I've used https://www.checktls.com/TestReceiver and everything is OK and 100%, but I have a sender that is using Mimecast that seems to get this error when they're sending encrypted emails:
"Unable to negotiate Opportunistic TLS due to Received fatal alert: unknown_ca"
Is there something I need to change on the C170 device?
Thanks
01-09-2020 09:02 AM
01-10-2020 12:19 AM
Yes, it's signed by RapidSSL
01-09-2020 09:54 AM
Hello,
One thing to note would be that CheckTLS automatically rearranges (or corrects if not already) your certificate chain. So, that is one thing you'll want to confirm. You can check this by selecting the certificate on the ESA and then confirming the chain is in the correct order.
Correct chain example:
Server Certificate: esa1.abc.com issued by ca-int.xyz.com
Intermediate Certificate: ca-int.xyz.com issued by ca-root.xyz.com
Incorrect chain example:
Server Certificate: esa1.abc.com issued by ca-int.xyz.com
Intermediate Certificate: ca-root.xyz.com issued by ca-root.xyz.com
If the chain is correct, then it is most likely one of two things: either the ESA does not trust the Mimecast CA or Mimecast does not trust the ESA CA.
Thanks!
-Dennis M.
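An added example, not part of the original thread: a name-based ordering check over the "Certificate chain" section that `openssl s_client` prints, applied to the correct and incorrect chains described in the post above. The sample output is constructed from the post's example names, and `<esa-host>` is a placeholder.

```python
import re

# Constructed samples: the "Certificate chain" section as printed by
#   openssl s_client -starttls smtp -connect <esa-host>:25 -showcerts
# built from the example names in the post above (not real captures).
GOOD = """Certificate chain
 0 s:CN = esa1.abc.com
   i:CN = ca-int.xyz.com
 1 s:CN = ca-int.xyz.com
   i:CN = ca-root.xyz.com
"""
BAD = """Certificate chain
 0 s:CN = esa1.abc.com
   i:CN = ca-int.xyz.com
 1 s:CN = ca-root.xyz.com
   i:CN = ca-root.xyz.com
"""

SUBJECT = re.compile(r"^\s*\d+\s+s:\s*(.+?)\s*$")
ISSUER = re.compile(r"^\s+i:\s*(.+?)\s*$")

def parse_chain(text):
    """Return [(subject, issuer), ...] in the order the server sent them."""
    chain, subject = [], None
    for line in text.splitlines():
        if m := SUBJECT.match(line):
            subject = m.group(1)
        elif (m := ISSUER.match(line)) and subject is not None:
            chain.append((subject, m.group(1)))
            subject = None
    return chain

def check_chain(chain):
    """Name-based ordering check only; it does not verify signatures or trust."""
    if not chain:
        return ["no certificates found in output"]
    problems = []
    for pos, ((subject, issuer), (next_subject, _)) in enumerate(zip(chain, chain[1:])):
        if subject == issuer:
            problems.append(f"cert {pos} ({subject}) is self-signed but not last")
        elif issuer != next_subject:
            problems.append(f"cert {pos} issuer is {issuer}, but cert {pos + 1} is {next_subject}")
    if len(chain) == 1 and chain[0][0] != chain[0][1]:
        problems.append(f"only the server certificate was sent; {chain[0][1]} is missing")
    return problems

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_chain(parse_chain(sample)) or "chain order OK")
```

A clean result here only means the certificates are presented in issuing order; whether the remote side trusts the issuing CA is a separate question.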
01-10-2020 12:37 AM
01-13-2020 10:27 AM
Please ask your customer to open a ticket with Mimecast and ask them to disable certificate verification for your domain.
Had this 2 x in last 36 months, don't know why, but this is the only workaround possible.
01-15-2020 05:53 AM
What does the output show on the ESA itself? Can you share a screenshot?
Thanks!
-Dennis M.
01-14-2020 10:06 AM
Mimecast does cert validation, which requires the hostnames, certnames and trusts to be correctly aligned. Since they only have a subset of CA chains in their store, we had to ask them to disable some of those features for us in the past.