Initial situation:

The SEPPmail Secure E-Mail Gateway forms the threshold to the Internet and thus directly accepts TLS connections. Checking a TLS connection from the outside, e.g. via CheckTLS (.com), indicates that the certificate integrated on the SEPPmail Secure E-Mail Gateway under SSL could not be validated even though it originates from an accredited CA.

 

Question:

What has caused the notification that the certificate could not be validated?

 

Cause:

Services like CheckTLS only know the root certificates of the common accredited CAs. In most cases, however, SSL certificates are not issued directly by the root CA but by sub-CAs. If only the SSL certificate was integrated during the import into the SEPPmail Secure E-Mail Gateway, i.e. without the intermediate certificates of the issuing sub CAs, the external service cannot complete the certificate chain, which triggers a corresponding notification.

 

Solution:First, the necessary intermediate certificates must be downloaded from the website of the issuing CA and then imported in the menu SSL by means of Import existing certificate...