Email problems nested exception is: javax.net.ssl.SSLHand...

If you think that something doesn't work in Aware IM post your message here
Post Reply
hpl123
Posts: 2286
Joined: Fri Feb 01, 2013 1:13 pm
Location: Scandinavia

Email problems nested exception is: javax.net.ssl.SSLHand...

Post by hpl123 »

Hi support,
I have been having issues sending emails via 1 particular SMTP provider since the start of January and can´t figure out what these issues are. I have been in contact with the provider and they claim no problems from their side and I have also used the same SMTP provider from the same server (and others) without issues (and other SMTP providers work when used in the same server/Aware installation) + tried the usual disable firewall etc. etc. i.e it´s only Aware that can´t send emails through this particular SMTP. Any thoughts on what this is and how it is fixed (see below)?

The error I get in the server output is this following:

Code: Select all

javax.mail.MessagingException: Could not connect to SMTP host: send.one.com, port: 465;
  nested exception is:
	javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1961)
	at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:654)
	at javax.mail.Service.connect(Service.java:317)
	at javax.mail.Service.connect(Service.java:176)
	at javax.mail.Service.connect(Service.java:125)
	at javax.mail.Transport.send0(Transport.java:194)
	at javax.mail.Transport.send(Transport.java:124)
	at com.bas.basserver.iopipes.EmailSink.A(Unknown Source)
	at com.bas.basserver.iopipes.EmailSink.processMessage(Unknown Source)
	at org.openadaptor.adaptor.STPipelineController.processMessage(STPipelineController.java:68)
	at org.openadaptor.adaptor.SimpleController.processMessage(SimpleController.java:1173)
	at org.openadaptor.adaptor.AbstractSimpleSource.processMessage(AbstractSimpleSource.java:403)
	at org.openadaptor.adaptor.AbstractSimpleSource.sourceProcess(AbstractSimpleSource.java:1049)
	at org.openadaptor.adaptor.AbstractSimpleSource.sourceProcess(AbstractSimpleSource.java:1007)
	at com.bas.connectionserver.iopipes.RequestReplySource.sendMessages(RequestReplySource.java:116)
	at com.bas.basserver.channels.ChannelManager.A(Unknown Source)
	at com.bas.basserver.channels.ChannelManager.sendNotifications(Unknown Source)
	at com.bas.basserver.bsmanager.E.A(Unknown Source)
	at com.bas.basserver.bsmanager.D.A(Unknown Source)
	at com.bas.basserver.bsmanager.E.A(Unknown Source)
	at com.bas.basserver.bsmanager.E.A(Unknown Source)
	at com.bas.basserver.iopipes.ComponentSink.processMessage(Unknown Source)
	at org.openadaptor.adaptor.STPipelineController.processMessage(STPipelineController.java:68)
	at com.bas.openadaptor.NonTransactionalController.processMessage(NonTransactionalController.java:136)
	at org.openadaptor.adaptor.AbstractSimplePipe.processMessage(AbstractSimplePipe.java:222)
	at org.openadaptor.adaptor.STPipelineController.processMessage(STPipelineController.java:68)
	at com.bas.openadaptor.NonTransactionalController.processMessage(NonTransactionalController.java:136)
	at org.openadaptor.adaptor.AbstractSimpleSource.processMessage(AbstractSimpleSource.java:403)
	at org.openadaptor.adaptor.AbstractSimpleSource.sourceProcess(AbstractSimpleSource.java:1049)
	at org.openadaptor.adaptor.AbstractSimpleSource.sourceProcess(AbstractSimpleSource.java:1012)
	at com.bas.openadaptor.MTJMSListener$JMSMessageHandler.run(MTJMSListener.java:275)
	at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
	at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:549)
	at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:354)
	at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:237)
	at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1927)
	... 31 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:230)
	at sun.security.validator.Validator.validate(Validator.java:260)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
	... 42 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
	... 48 more
Henrik (V8 Developer Ed. - Windows)
hpl123
Posts: 2286
Joined: Fri Feb 01, 2013 1:13 pm
Location: Scandinavia

Re: Email problems nested exception is: javax.net.ssl.SSLHan

Post by hpl123 »

Update:
The same server/Aware installation can send emails via this 1 SMTP provider when not using SSL or TLS so it´s something with the SSL/TLS in Aware.
Henrik (V8 Developer Ed. - Windows)
T0M
Posts: 21
Joined: Mon Jan 28, 2019 9:37 am
Location: Central Europe

Re: Email problems nested exception is: javax.net.ssl.SSLHan

Post by T0M »

With sendgrid I experienced that same thing (I guess).

It only worked when leaving SSL/TLS tickboxes unchecked in system settings. (But still using correct SSL/TLS port number)

Did not experimented/tested further.. as I did not have the balls to touch the email setup again once it worked.
8.2 (Build 2570) | MySQL | Win 2016 | UpCloud | == Arabica && || Robusta
Rennur
Posts: 1172
Joined: Thu Mar 01, 2012 5:13 am
Location: Sydney, Australia

Re: Email problems nested exception is: javax.net.ssl.SSLHan

Post by Rennur »

Instead of a SSL connection port 465, try TLS port 587.
intra
Posts: 267
Joined: Thu Oct 11, 2012 1:30 pm
Location: Australia

Re: Email problems nested exception is: javax.net.ssl.SSLHan

Post by intra »

This sounds more like a certificates problem due to the following message in your error trace

"unable to find valid certification path to requested target"

What version of JDK are you using, recent?

Maybe add the remote server's certificate to allow it to trust the connection (endpoint) across port 465.
Avid Linux user....
intra
Posts: 267
Joined: Thu Oct 11, 2012 1:30 pm
Location: Australia

Re: Email problems nested exception is: javax.net.ssl.SSLHan

Post by intra »

Avid Linux user....
hpl123
Posts: 2286
Joined: Fri Feb 01, 2013 1:13 pm
Location: Scandinavia

Re: Email problems nested exception is: javax.net.ssl.SSLHan

Post by hpl123 »

I am using 8.2 of Aware with default stuff so no JDK upgrade or the like and yes this is some SSL handskake type problem (having researched it a bit). One of the suggestions I read about was something with adding the providers SSL certificate to the server but having to do this to be able to use a mail/SMTP client seems odd and I wonder if Aware is the culprit or the actual provider (this started out of the blue start of January and is peculiar).
Henrik (V8 Developer Ed. - Windows)
aware_support
Posts: 7196
Joined: Sun Apr 24, 2005 12:36 am
Contact:

Re: Email problems nested exception is: javax.net.ssl.SSLHan

Post by aware_support »

This exception is typically thrown when a server that Aware IM calls requires the caller to present an SSL certificate. A caller is Java in this case. No idea why this particular server requires this. So you may need to install a certificate into the Aware IM JDK if you need to use this server (Google how to do this - it has nothing to do with Aware IM).
Aware IM Support Team
hpl123
Posts: 2286
Joined: Fri Feb 01, 2013 1:13 pm
Location: Scandinavia

Re: Email problems nested exception is: javax.net.ssl.SSLHan

Post by hpl123 »

Ok, thanks and I will look into adding the certificate.
Henrik (V8 Developer Ed. - Windows)
weblike
Posts: 1163
Joined: Sun Dec 02, 2012 12:00 pm
Location: Europe

Re: Email problems nested exception is: javax.net.ssl.SSLHand...

Post by weblike »

Hello Henrik,

Have you found a solution for this problem?

I have almost the same problems with my users, they want to use their own smtp servers, but it's not an option to import a SSL for each smtp they want to use..
There is an easier solution for this problem?

Thank you.
Thx,
George
________________________________
Developer Edition
AwareIM: v8.5, build 2824
OS: Windows Server 2012
DB: MySql 5.6.42
weblike
Posts: 1163
Joined: Sun Dec 02, 2012 12:00 pm
Location: Europe

Re: Email problems nested exception is: javax.net.ssl.SSLHand...

Post by weblike »

Thanks to Rennur's GIT documentation I have managed to correct this by replacing mail.jar with specified version in this link:
https://github.com/RennurApps/AwareIM-resources

Download JavaMail
javax.mail.jar

Installation
In v8.3+, rename javax.mail.jar to mail.jar and replace the one in C:\AwareIM\lib
Thx,
George
________________________________
Developer Edition
AwareIM: v8.5, build 2824
OS: Windows Server 2012
DB: MySql 5.6.42
himanshu
Posts: 665
Joined: Thu Jun 19, 2008 6:24 am
Location: India
Contact:

Re: Email problems nested exception is: javax.net.ssl.SSLHand...

Post by himanshu »

There is cacert file under the AwareIM/JDK/lib/security folder, you need to import your SSL certificate into this keystore which will fix the issue.
From,
Himanshu Jain


AwareIM Consultant (since version 4.0)
OS: Windows 10.0, Mac
DB: MYSQL, MSSQL
weblike
Posts: 1163
Joined: Sun Dec 02, 2012 12:00 pm
Location: Europe

Re: Email problems nested exception is: javax.net.ssl.SSLHand...

Post by weblike »

Thank you for your reply.
Not needed to import the certificate, just replaced the file mail.jar with the one mentioned in Rennur github docs.

Having a Saas application it's difficult to import each certificate of each server which users want to use. It should be dynamic.
Thx,
George
________________________________
Developer Edition
AwareIM: v8.5, build 2824
OS: Windows Server 2012
DB: MySql 5.6.42
himanshu
Posts: 665
Joined: Thu Jun 19, 2008 6:24 am
Location: India
Contact:

Re: Email problems nested exception is: javax.net.ssl.SSLHand...

Post by himanshu »

Good to know the other way! Well importing cert also fixed the issue at my end. :)
From,
Himanshu Jain


AwareIM Consultant (since version 4.0)
OS: Windows 10.0, Mac
DB: MYSQL, MSSQL
Post Reply