Office 365 - 454 4.7.5 certificate validation failure

Recently, while I was working for a client on an Exchange 2013 Hybrid deployment with centralised mail transport, they were not receiving email at EOL from their on-prem environment. A "454 4.7.5 certificate validation failure" was logged on the server.

I found the problem was due to the configuration of the TLS certificate. They were using a cert for their CAS server/URLs but had a * certificate on their Edge servers. I resolved the issue by installing the wildcard certificate on the CAS boxes and re-running the Hybrid Configuration Wizard, but I could have also installed the certificate on the Edge servers.

Another issue it could have been is that the certificate had expired or been renewed and the send connector had not been updated, which is documented by David Smith:

Open Exchange Management Shell on the on-premises Exchange server.
Run Get-ExchangeCertificate, and note the Thumbprint of the correct certificate to be used.

Run $cert = Get-ExchangeCertificate -Thumbprint <thumbprint>

Set a new variable and assign it the concatenated values of the Issuer and Subject values of the certificate (must also include <I> and <S> before each field):

$TLSCert = ('<I>'+$cert.Issuer+'<S>'+$cert.Subject)

Update the send connector with the new values

Set-SendConnector -Identity "Send Connector Name" -TLSCertificateName $TLSCert
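
Before changing a connector it helps to see which certificate each one is currently pinned to. The following is an added example, not part of the original post or of David Smith's article: it rebuilds the <I>issuer<S>subject string for every installed certificate and reports connectors whose pinned value matches nothing or only an expired certificate. The function name, connector names, thumbprints and dates are constructed for illustration.

```powershell
# Added example. Accepts any objects exposing the properties that
# Get-SendConnector and Get-ExchangeCertificate return.
function Test-ConnectorTlsCertificate {
    param(
        [Parameter(Mandatory)] [object[]] $Connector,    # Name, TlsCertificateName
        [Parameter(Mandatory)] [object[]] $Certificate,  # Issuer, Subject, NotAfter, Thumbprint
        [datetime] $Now = (Get-Date)
    )
    foreach ($c in $Connector) {
        # Assumption: casting TlsCertificateName to string yields "<I>...<S>..."
        $pinned = [string]$c.TlsCertificateName
        $result = [ordered]@{ Connector = $c.Name; Status = 'NotPinned'; Thumbprint = $null; NotAfter = $null }
        if ($pinned) {
            # Rebuild the same string the manual steps build, for each certificate
            $found = @($Certificate |
                Where-Object { ('<I>' + $_.Issuer + '<S>' + $_.Subject) -eq $pinned } |
                Sort-Object NotAfter -Descending)
            if ($found.Count -eq 0) {
                $result.Status = 'NoMatchingCertificate'   # e.g. renewed from a different issuer
            } else {
                $best = $found[0]                          # latest expiry among the matches
                $result.Thumbprint = $best.Thumbprint
                $result.NotAfter   = $best.NotAfter
                $result.Status     = if ($best.NotAfter -lt $Now) { 'Expired' } else { 'OK' }
            }
        }
        [pscustomobject]$result
    }
}

# Constructed sample data (hypothetical names, thumbprints and dates)
$certs = @(
    [pscustomobject]@{ Issuer = 'CN=Example CA, O=Example'; Subject = 'CN=*.contoso.com'
                       NotAfter = [datetime]'2030-01-01'; Thumbprint = 'AAAA-CONSTRUCTED' }
    [pscustomobject]@{ Issuer = 'CN=Old CA, O=Example'; Subject = 'CN=mail.contoso.com'
                       NotAfter = [datetime]'2020-01-01'; Thumbprint = 'BBBB-CONSTRUCTED' }
)
$connectors = @(
    [pscustomobject]@{ Name = 'Pinned to wildcard'; TlsCertificateName = '<I>CN=Example CA, O=Example<S>CN=*.contoso.com' }
    [pscustomobject]@{ Name = 'Pinned to expired';  TlsCertificateName = '<I>CN=Old CA, O=Example<S>CN=mail.contoso.com' }
    [pscustomobject]@{ Name = 'Pinned to missing';  TlsCertificateName = '<I>CN=Gone CA<S>CN=edge.contoso.com' }
)
Test-ConnectorTlsCertificate -Connector $connectors -Certificate $certs -Now ([datetime]'2025-01-01') |
    Format-Table -AutoSize

# On an Exchange server, pass the real objects instead:
# Test-ConnectorTlsCertificate -Connector (Get-SendConnector) -Certificate (Get-ExchangeCertificate)
```

Any connector reported as NoMatchingCertificate or Expired is a candidate for the Set-SendConnector step above.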

Another article in relation to this is by Paul Cunningham