0

I have a tomcat web application with jre6. It runs in https mode. It sends mail alerts. The application has self generated certificate as a truststore file generated using Keytool - JRE 6.

Recently upgraded the application with jre7. And I shall change the application to https mode which generates truststore file using Keytool -JRE7. Here I couldn't send mail. Throws below error. There is no change between both application code. Just the jre is difference.

javax.mail.MessagingException: Can't send command to SMTP host; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target| at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1420)| at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1408)| at com.sun.mail.smtp.SMTPTransport.ehlo(SMTPTransport.java:847)| at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:384)| at javax.mail.Service.connect(Service.java:297)| at javax.mail.Service.connect(Service.java:156)| at javax.mail.Service.connect(Service.java:105)| at com.server.util.MailServerHandler.checkMailServer(MailServerHandler.java:145)|

Java Mail Debug goes here. It stops at EHLO command.

    DEBUG: !anyLoaded|
    DEBUG: not loading resource: /META-INF/javamail.providers|
    DEBUG: successfully loaded resource: /META-INF/javamail.default.providers|
    DEBUG: Tables of loaded providers|
    DEBUG: not loading resource: /META-INF/javamail.address.map|
    DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]|
    DEBUG SMTP: useEhlo true, useAuth true|
    DEBUG SMTP: useEhlo true, useAuth true|
    DEBUG SMTP: trying to connect to host "smtp.gmail.com", port 587, isSSL false|
    250-smtp.gmail.com at your service
    250-SIZE 35882577
    250-8BITMIME
    250-STARTTLS
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-CHUNKING
    250 SMTPUTF8
    DEBUG SMTP: Found extension "SIZE", arg "35882577"|
    DEBUG SMTP: Found extension "8BITMIME", arg ""|
    DEBUG SMTP: Found extension "STARTTLS", arg ""|
    DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""|
    DEBUG SMTP: Found extension "PIPELINING", arg ""|
    DEBUG SMTP: Found extension "CHUNKING", arg ""|
    DEBUG SMTP: Found extension "SMTPUTF8", arg ""|
    STARTTLS
    220 2.0.0 Ready to start TLS
    EHLO rajesh-2668

Here is the smtp property I set.

mail.smtp.starttls.enable=true
mail.debug=true
mail.smtp.port=587
mail.smtp.auth=true
mail.smtp.host=smtp.gmail.com
mail.smtp.starttls.required=true
mail.smtp.timeout=10000
mail.smtp.connectiontimeout=10000

I Can't figure out what goes wrong? Do I require need any code level change or any conf changes? Please throw some lights over here as I'm stuck over a week on this. Helps are highly appreciated.

Rajesh Kumar
  • 1
  • 1
  • Same mail alerts works fine in application with jre6. Issue in application with jre7. Is there any tomcat conf changes needed to be done. Not able to send mail both TLS/SSL. Only I could able to send via plain connection smtp. – Rajesh Kumar Aug 03 '16 at 12:26
  • Perhaps http://stackoverflow.com/questions/13599234/java-mail-without-ssl-pkix-path-building-failed will help you. – Jozef Chocholacek Aug 03 '16 at 13:41
  • @JozefChocholacek Already tried importing certificate info into truststore and java cacerts. But no luck. – Rajesh Kumar Aug 03 '16 at 14:01
  • Well the obvious answer is that you didn't import the certificate into the correct truststore or you imported the wrong certificate or you imported it incorrectly in some way. You can skip certificate verification by setting the [`mail.smtp.ssl.trust`](https://javamail.java.net/nonav/docs/api/com/sun/mail/smtp/package-summary.html#mail.smtp.ssl.trust) property. – Bill Shannon Aug 03 '16 at 18:47
  • Tried with above property. Imported certificate in correct trustore. I could able to view the certificate information via browser. Nothing helped my way. Still not able to send mail, fails with same error. – Rajesh Kumar Aug 04 '16 at 12:50

0 Answers0