Issue:
Recipients of encrypted mails are receiving warnings about untrusted pages and/or certificates when attempting to view messages.
Looking up the MSG address using an SSL checker gives the following type of reply:
"The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate."
Resolution:
The result from the SSL checker points to a missing intermediate certificate. This can be acquired from the Certificate Authority (CA) and added to the MSG server certificate using the instructions below:
- Download the required intermediate certificate in PEM-format from your Certificate Authority
- Download the MSG server-certificate in PEM-format from the appliance web UI: System -> Certificates -> Certificates, use the Download...-button to the right of the certificate
- Open the PEM-file downloaded from the MSG-appliance in your text editor of choice
- To the end of this file, add the content of the intermediate certificate PEM-file and save it as a new PEM-file
- Import the new certificate file into the MSG-appliance: System -> Certificates -> Certificates, use the Import-button above the certificate list
- Take the new combined certificate in use by distributing it to the master and agent(s): System -> Certificates -> Services
Article no: 000013333