Hello Charles,
Yes, this is the expected result as Gmail is providing a self signed certificate if its endpoints are accessed by IP (which is Axigen case) and not by name (so you do not provide the so-called SNI information when the SSL handshake occurs).
If you are using Linux please add the following line in your /etc/default/axigen (DEB system) or /etc/sysconfig/axigen (RPM system) file (preferable at the end of it):
export AXI_MIGRATION_OPT_X_TLS_IGNORE_CERT=1
and restart the axigen service.
In such way the self signed certificate provided by servers used for migration purposes will be no more rejected.
HTH,
Ioan
PS: If you really like to double-check please compare the results of the following 2 openssl commands:
$ openssl s_client -connect ``imap.gmail.com:993`` -crlf
Here you will get a certificate like:
subject=CN = imap.gmail.com
issuer=C = US, O = Google Trust Services, CN = WR2
$ openssl s_client -connect 64.233.167.109:993 -crlf
Here you will get a certificate like:
subject=OU = "No SNI provided; please fix your client.", CN = invalid2.invalid
issuer=OU = "No SNI provided; please fix your client.", CN = invalid2.invalid