451 4.7.5 [internal] SSL certificate subject does not match host
Hello.
I'm hoping someone could help me zero in on an issue with Exim and Salesforce.
A client is attempting to utilise the SMTP Relay feature within the Salesforce application.
https://help.salesforce.com/s/articleView?id=sales.email_relay.htm&type=5
Everything is set up.
Host: mail.theirdomain.tld
Port: 587
TLS: Verify required
Auth is via username (email) and password
Mail sending fails with error "451 4.7.5 [internal] SSL certificate subject does not match host" which appears to be an internal TLS negotiation failure.
Do we need to set the server's hostname as the "Host" as opposed to the clients own "mail.theirdomain.tld"?
The certificate is a Let's Encrypt cert furnished by AutoSSL, it is valid and expires in 44 days.
Cert is validated via https://www.sslshopper.com/ssl-checker.html
Any help appreciated.
Thank you.
-
Hey there! No, I wouldn't expect you to need to change the hostname.
When you are checking the validity of the SSL with SSL Shopper, are you specifically checking the "mail" subdomain or just the domain in general? The fix could be as simple as changing the host to "domain.com" instead of "domain.com"
0 -
cPRex thanks for the reply and apologies for late response.
I couldn't get this to work at all using the client's domain, SSL Shopper was used to verify the SSL on the domain and subdomains and each validated. After we switched to the server's FQ hostname Salesforce worked perfectly. Given that this is now working and the client is happy we're leaving this as it is for now.
Thanks.
0 -
I'm glad you found a workaround!
0
Please sign in to leave a comment.
Comments
3 comments