Problem with TLS and email reception.


I am having problems with receiving email from some systems.  The error they get is:

Error negotiating TLS: tls: failed to parse certificate from server: asn1: time did not serialize back to the original value and may be invalid:


I am on the most recent firmware for the UTM, and can't find a way to fix this.  Is anyone else receiving this? Or have a fix for this?



  • I have not seen this error.  Whenever there is a time issue, I would begin by verifying that both systems have correct clock time.   

    Since the error is on the other end, and the complaint is about the server, it sounds like your server certificate is the problem.   This would be confirmed if the problem occurs when they are sending messages to you, since the sender initiates the connection and is therefore the client to the TLS negotiation.

    A quick web search suggests that it is an error being returned by the OpenSSL layer.    Suggest you open a Support case.

    Are you using a commercial certificate for STMP TLS, or one that UTM generated for itself?  If self-generated, it may be useful to regenerate, since it seems to think the certificate is invalid. Doing so will probably have side effects in other functions that you will need to track down.


  • Doug's suggestion is where I would start.  Normally, it's the WebAdmin certificate that's used.  You wouldn't have to delete that or replace it in other spots, just make a new one like:

    The VPN ID should be the FQDN that's the hostname of your UTM.  Just select the new cert on the 'Advanced' tab of 'SMTP Proxy'.

    Did that work for you?

    Cheers - Bob