STARTTLS vs TLS issue connecting to Exchange Server

Jaymer

here's a good read
https://www.fastmail.com/help/technical/ssltlsstarttls.html

I cannot connect to an exchange server that needs the directive STARTTLS.
Doing any combination of the SLL/TLS checkboxes in Aware results in varying errors.
Older post on the forum is 3+ years. Only 1 thread with STARTTLS in it. No help.

Other people have given up connecting to Exchange server due to trouble connecting.
I think its an Aware issue and when you use another server and it works instantly, you just use that instead and this error has never been fixed.

No certificate is required in this case.
Just STARTTLS

any idea?
thx

Jaymer

I have a 2nd issue on another Exchange server.
Its inside their network, so they don't use authentication.
(which is a hard concept for us to grasp because [almost] no SMTP server out there allows just anyone to connect and sent email)

Seems aware doesn't like to connect with no user authentication whatsoever.

I'm starting to think that because its been easy to just "use another [non-Exchange] email server" when issues arose with Exchange, that these things have never fully been worked out with the framework that Vlad is using in Aware.

2 customers, can't send email.

aware_support

Aware IM does enable STARTTLS when the TLS flag is on.

What exactly is the error message returned by the Exchange server?

BenchmarkDan

If TLS is set to true: Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

If NO TLS: javax.mail.AuthenticationFailedException: No authentication mechansims supported by both server and client

aware_support

This error indicates that the Exchange Server requires the caller to have a certificate. The caller in this case is Java used by Aware IM. So you need to obtain and set a certificate into Java used by Aware IM. There's plenty of documentation available on how to do this (it's not an Aware IM issue), so just Google for it.

It might be easier to change the email provider, though.

Jaymer

Vlad, yes, I saw that mentioned in the 2016 post, but the consultant at the customer replied to us:

"I set it up for port 587 and all works fine. I was able to test it and everything looks good. Port 587, Starttls, No Certificate Verification required."

So, have been going on that assumption.
Is this just a problem with Exchange servers?
Any other time I've needed to connect to a server with TLS/SSL, I've never needed to install a certificate.
We will forward this to their team and see what they can provide.
thx