We notice that the existing server cert it's self runs from October 2015 to October 2017.  It seems that the intermediate certification authority (CA) or even the trusted root CA had expired and SDP only had this CA in the local CA store.

We used the tool following the directions on this link -  https://forums.manageengine.com/topic/could-not-find-valid-certification-path-to-requested-target-so-kindly-configure-to-apply-trusted-self-signed-certificate .  Our issue with mail fetching is now resolved.

But that means that it fetches the cert from the target server and writes it to a local file (jssecacerts).  If this file is in the $MEDIR/jre/lib/security/ directory, any certs in this file will be trusted.  Note that we are now trusting the server cert directly rather than the trusted CA’s.  This means that the process will need to be repeated every time the cert changes – not ideal.

We are using Office 365.  Running SDP MSP 8.3 8310.

p.s. - I notice that helpdesk.manageengine.com is currently down?