Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

SMTP over TLS is not working after importing certificate on InterScan Messaging Security Suite (IMSS)

    • Updated:
    • 24 Nov 2016
    • Product/Version:
    • InterScan Messaging Security Suite 7.1 Windows
    • InterScan Messaging Security Suite 7.5 Windows
    • Platform:
    • Windows 2000 Advanced Server
    • Windows 2000 Server
    • Windows 2003 Enterprise
    • Windows 2003 Standard
    • Windows 2008 Enterprise
    • Windows 2008 Standard

After you import your own certificate, Simple Mail Transfer Protocol (SMTP) over Transport Layer Security (TLS) stops working. The tsmtpd.<date>.<count> log shows the following error:

2013/03/19 08:48:35.988[3212:3144]A0EInvalid certificate chain, root CA is not the last certificate in the chain.
2013/03/19 08:48:35.988[3212:3144]A0ELoad my certificate failed: Provided SSL certificate is invalid.. Server side SSL is disabled.


The issue happens because the certificate is imported to IMSS in Server-Root-Intermediate order instead of Server-Intermediate-Root. This violates the Request for Comments (RFC) requirement.

For more information on validating the certificate’s order, refer to this IETF document: RFC 5246 – The Transport Layer Security (TLS) Protocol Version 1.2.

To resolve the issue:

  1. Using a text editor, create a new text file and name it Server-Intermediate-RootCA.cer.
  2. Open the Server-Intermediate-RootCA.cer file and paste the three certificates in the following order:

    ----(Put server certificate here)---
    -----END CERTIFICATE-----
    ----(Put intermediate CA certificate here)---
    -----END CERTIFICATE-----
    ----(Put root CA certificate here)---
    -----END CERTIFICATE-----

    Double-check the file and make sure there are no Carriage Returns (CRLFs) at the top and bottom.
  3. Create another text file and name it private.key.
  4. Open private.key and paste the private key string.
  5. Log in to the IMSS console and export the self-signed certificate currently installed.
  6. Import Server-Intermediate-RootCA.cer and private.key, and then save the changes.
  7. Restart the Trend Micro IMSS SMTP Service.
Configure; Troubleshoot
Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.