Question
FortiMail unsupported certificate purpose
Hi all,
I'm rather new to FortiMail and Fortinet products. Trying to configure same wildcard cert (e.g. *.domain.com) for both Exchange and FortiMail, using an internal Windows CA. The topology of email is like:
exch.domain.com > fml.domain.com > outside
While HTTPS connection is cool, FortiMail keeps complaining "unsupported certificate purpose" when it receives email from the internal Exchange server (FML acts as a server in this case in terms of TLS connection). But when outside sends email into domain.com, FortiMail happily forwards it to Exchange server (FML acts as a client in this case)
How do I start troubleshoot this case? If I were to use Secure TLS Profile to enforce, outbound mails would be rejected.
Thanks in advance.