Javamail how to connect to IMAPs mail server, without certificate Validation

Question

I'm trying to connect my Java application to a IMAP server mail on 993, in a test environment.

I'm trying to ignore the certificate validation ,using a recommendation from previous answers to a similar question, as follows:

imapProps.put("mail.imaps.ssl.checkserveridentity", "false");
imapProps.put("mail.imaps.ssl.trust", "*");

but it doesn't seem to work, I'am still getting an exception.

Cannot process current mailbox => sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.mail.MessagingException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target;
  nested exception is:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:727)

So my question is, is it actually possible to use IMAPS protocol to connect to a mail server,without having to check or validate the certificate ?

If it is, choosing to ignore the certificate validation wouldn't it be a 2 sides decision then? JavaApp and the mailServer ?

Rule 1: Choosing to ignore validation is as a bad as not using SSL at all. It is way better to fix it (eg, by importing the private certificate or trust anchor into the client store, or configuring the SSLContext appropriately). — Max, Dec 05 '19 at 17:37
What version of JavaMail? Are you sure you're using the "imaps" protocol and not the "imap" protocol? What protocol name do you use when you call getStore? — Bill Shannon, Dec 05 '19 at 18:19
You cannot simply ignore the certificate validation. What you can do is write a [TrustManager that accepts what you want](https://stackoverflow.com/q/19005318). That'll work. I use 147 lines of code to do something rather similar. But ask yourself first: do you want to write about a hundred lines of code to do nothing, or do you want to check certs? — arnt, Dec 06 '19 at 07:43
As I mentioned in my post, it is a test environment, where i only have control the java app, but not mail server. @Bill Shannon i'm using Javamail 1.5.5, i use imap to call getStore. — Hossam Oukli, Dec 06 '19 at 09:10
@BillShannon, your hint actually solved my problem, I was using 'imap' in get Store, while having 'imaps' in my imapProps. If you don't mind adding your comment as an answer, for better visibility. Thank you — Hossam Oukli, Dec 06 '19 at 09:39

score 1 · Accepted Answer · answered Dec 06 '19 at 17:41

1

You need to use the same protocol name in both the properties and in the getStore method call. So, since you're setting the imaps properties, you should be using Store s = session.getStore("imaps");

answered Dec 06 '19 at 17:41

Bill Shannon

29,579
6
38
40

Javamail how to connect to IMAPs mail server, without certificate Validation

1 Answers1