Skip to content

The Remote Certificate Is Invalid According to the Validation Procedure

Q - In Elliott V8, I configure my mail server by using the internal NETBIOS name, which is "ts3" in this case.  I choose to validate and enable the SSL.  See sample screen screen below.



Then I click on the "Test" button to see if this configuration works.  I then receive the following error message:

    ERROR: The remote certificate is invalid according to the validation procedure.



What does this message mean?


 A - If you enable SSL in the Elliott SMTP configuration, the "Server" name must match the name assigned on the SSL certificate. Otherwise, certificate validation will fail and  you will get the "The remote certificate is invalid according to the validation procedure" error.

In this example, your SSL certificate could be issued for "ts3.netcellent.com." This name does  not match the "ts3" you entered in the server name field, and thus the error. If that is the case, a possible solution is to change the server name to something like "ts3.netcellent.com."  This will cause the certificate to match the server name and stop giving you this error message.  However, you may encounter a NAT (Network Address Translation) IP address issue if you go with this approach.  

Most of the organizations use NAT nowadays.  If you host your own mail server, then the external IP address for "ts3.netcellent.us" may be something like 65.212.154.135.  But internally, inside the organization's firewall, it may be 192.168.1.135 or 10.1.1.135.  

Since the certificate you purchased is most likely for external access purposes, your DNS for ts3.netcellent.com will return the external IP address. But on the other hand, if Elliott is running inside your firewall, we expect to communicate with your mail server through the internal IP address, not the external IP address.

We are suggest two solutions to resolve this delimma:

(1) Don't enable SSL in Elliott V8 configuration
Since the SMTP communication between Elliott on each workstation and the mail server is on the internal LAN, you could consider not enabling SSL without much security risk.

(2) Allow alternative name with your certificate
For example, you can purchase one single certificate that will work for both:
    ts3.netcellent.com
    mail.netcellent.com
On your DNS server, mail.netcellent.com points to something like 65.212.154.135, which is for external use.  For ts3.netcellent.com, it points to something like 192.168.1.135, which is for internal use.


Feedback and Knowledge Base