Keycloak and Exchange Email Setup

Does anyone have experience with Keycloak realm settings for email successfully getting TLS and Authentication working with Exchange server? I’m running the latest Keycloak version and have an on-premise Exchange 2013 server and a receive connector with the following settings:

Authentication: TLS, Externally Secured (for relaying to external email addresses)
Permission Groups: Exchange Servers, Exchange Users
Scoping: Internal IP address of Keycloak server, Binding to All IPv4 on port 587
FQDN: public DNS name for mail server

In Keycloak – Realm Settings – Email, the following:

Host: our public DNS name for mail server
Port: 587
Enable Authentication: ON
Username: DOMAIN\username
Password: thepassword

I can send email just fine this way. When I turn on Enable StartTLS in Realm email settings, I cannot send emails. In Exchange I get the following in the logs:

TLS negotiation failed with error CertUnknown

The certificate Exchange is presenting is a valid wildcard domain cert from GoDaddy.

I was able to answer my own question. It was a matter of importing our wildcard domain cert into the Java keystore we use for Keycloak. In this case it was in our standalone/configuration folder. Once the cert was imported I was able to send TLS-enabled emails to our Exchange server.
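
The fix described above, sketched as an added example that is not part of the original post: fetch the certificate the mail server presents after STARTTLS on port 587, review it, then import it into the keystore. The function names, the keystore path and the alias are assumptions; pass your own values.

```bash
#!/usr/bin/env bash
# Added example. Host, keystore path and alias are supplied by the caller;
# nothing here is taken from the original poster's environment.

# Print the first PEM certificate found on stdin (the server's own cert).
first_pem_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ {on=1}
       on {print}
       /-----END CERTIFICATE-----/ {if (on) exit}'
}

# Save the certificate the SMTP server presents after STARTTLS.
# usage: fetch_smtp_cert HOST PORT OUTFILE
fetch_smtp_cert() {
  openssl s_client -starttls smtp -connect "$1:$2" -servername "$1" \
    </dev/null 2>/dev/null | first_pem_cert > "$3"
  [ -s "$3" ]   # fail if nothing was captured
}

# Show who the certificate belongs to, so it can be checked before trusting it.
# usage: show_cert CERTFILE
show_cert() {
  openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Import into the keystore the Keycloak JVM uses. keytool asks for the
# keystore password and for confirmation, so no secret lands on the command line.
# usage: import_cert CERTFILE KEYSTORE ALIAS
import_cert() {
  keytool -importcert -alias "$3" -file "$1" -keystore "$2"
}

# Run as: script.sh MAIL_HOST KEYSTORE_PATH ALIAS
if [ "$#" -eq 3 ]; then
  pem=$(mktemp)
  fetch_smtp_cert "$1" 587 "$pem" || { echo "no certificate received" >&2; exit 1; }
  show_cert "$pem"
  import_cert "$pem" "$2" "$3"
  rm -f "$pem"
fi
```

A server certificate trusted this way has to be imported again after it is renewed, because the renewed certificate is a different entry from the one stored in the keystore.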