Question
I'm having problems sending emails over SMTP with TLS enabled on port 587 on JBoss 5.1.
The problem looks like this: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have also tried to add the CA keys to the JRE keystore with the Java keytool... It looks like I'm missing something here... any hints?
I have these settings in mail-service.xml:
<property name="mail.store.protocol" value="pop3"/>
<property name="mail.transport.protocol" value="smtp"/>
<!-- Change to the user who will receive mail -->
<property name="mail.user" value="********"/>
<!-- Change to the mail server -->
<property name="mail.pop3.host" value="**************"/>
<!-- Change to the SMTP gateway server -->
<property name="mail.smtp.host" value="************"/>
<!-- The mail server port -->
<property name="mail.smtp.port" value="587"/>
<property name="mail.smtp.auth" value="true"/>
<property name="mail.smtp.starttls.enable" value="true" />
<!-- Change to the address mail will be from -->
<property name="mail.from" value="**********"/>
<!-- Enable debugging output from the javamail classes -->
<property name="mail.debug" value="true"/>
and this is the debug log:
2013-08-08 14:24:30,031 DEBUG: JavaMail version 1.4ea
2013-08-08 14:24:30,031 DEBUG: java.io.FileNotFoundException: /usr/java/jdk1.6.0_35/jre/lib/javamail.providers (No such file or directory)
2013-08-08 14:24:30,033 DEBUG: URL vfszip:/usr/share/jboss-5.1.0.GA/server/default/deploy/4pm_services-ear.ear/jboss-seam.jar/META-INF/javamail.providers
2013-08-08 14:24:30,034 DEBUG: Bad provider entry:
2013-08-08 14:24:30,034 DEBUG: successfully loaded resource: vfszip:/usr/share/jboss-5.1.0.GA/server/default/deploy/4pm_services-ear.ear/jboss-seam.jar/META-INF/javamail.providers
2013-08-08 14:24:30,034 DEBUG: successfully loaded resource: /META-INF/javamail.default.providers
2013-08-08 14:24:30,034 DEBUG: Tables of loaded providers
2013-08-08 14:24:30,034 DEBUG: Providers Listed By Class Name: {com.sun.mail.smtp.SMTPSSLTransport=javax.mail.Provider[TRANSPORT,smtps,com.sun.mail.smtp.SMTPSSLTransport,Sun Microsystems, Inc], com.sun.mail.smtp.SMTPTransport=javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc], com.sun.mail.imap.IMAPSSLStore=javax.mail.Provider[STORE,imaps,com.sun.mail.imap.IMAPSSLStore,Sun Microsystems, Inc], org.jboss.seam.mock.MockTransport=javax.mail.Provider[TRANSPORT,mock,org.jboss.seam.mock.MockTransport,JBoss Seam Integration Tests], com.sun.mail.pop3.POP3SSLStore=javax.mail.Provider[STORE,pop3s,com.sun.mail.pop3.POP3SSLStore,Sun Microsystems, Inc], com.sun.mail.imap.IMAPStore=javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Sun Microsystems, Inc], com.sun.mail.pop3.POP3Store=javax.mail.Provider[STORE,pop3,com.sun.mail.pop3.POP3Store,Sun Microsystems, Inc]}
2013-08-08 14:24:30,034 DEBUG: Providers Listed By Protocol: {imaps=javax.mail.Provider[STORE,imaps,com.sun.mail.imap.IMAPSSLStore,Sun Microsystems, Inc], imap=javax.mail.Provider[STORE,imap,com.sun.mail.imap.IMAPStore,Sun Microsystems, Inc], mock=javax.mail.Provider[TRANSPORT,mock,org.jboss.seam.mock.MockTransport,JBoss Seam Integration Tests], smtps=javax.mail.Provider[TRANSPORT,smtps,com.sun.mail.smtp.SMTPSSLTransport,Sun Microsystems, Inc], pop3=javax.mail.Provider[STORE,pop3,com.sun.mail.pop3.POP3Store,Sun Microsystems, Inc], pop3s=javax.mail.Provider[STORE,pop3s,com.sun.mail.pop3.POP3SSLStore,Sun Microsystems, Inc], smtp=javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]}
2013-08-08 14:24:30,035 DEBUG: successfully loaded resource: /META-INF/javamail.default.address.map
2013-08-08 14:24:30,036 DEBUG: !anyLoaded
2013-08-08 14:24:30,036 DEBUG: not loading resource: /META-INF/javamail.address.map
2013-08-08 14:24:30,036 DEBUG: java.io.FileNotFoundException: /usr/java/jdk1.6.0_35/jre/lib/javamail.address.map (No such file or directory)
2013-08-08 14:24:30,036 DEBUG: getProvider() returning javax.mail.Provider[TRANSPORT,smtp,com.sun.mail.smtp.SMTPTransport,Sun Microsystems, Inc]
2013-08-08 14:24:30,036 DEBUG SMTP: useEhlo true, useAuth true
2013-08-08 14:24:30,036 DEBUG SMTP: useEhlo true, useAuth true
2013-08-08 14:24:30,036 DEBUG SMTP: trying to connect to host "**************", port 587, isSSL false
2013-08-08 14:24:30,038 220 ************** Microsoft ESMTP MAIL Service ready at Thu, 8 Aug 2013 14:24:29 +0200
2013-08-08 14:24:30,038 DEBUG SMTP: connected to host "**************", port: 587
2013-08-08 14:24:30,039 EHLO **************
2013-08-08 14:24:30,040 250-************** Hello [**************]
250-SIZE 10485760
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250 CHUNKING
2013-08-08 14:24:30,040 DEBUG SMTP: Found extension "SIZE", arg "10485760"
2013-08-08 14:24:30,040 DEBUG SMTP: Found extension "PIPELINING", arg ""
2013-08-08 14:24:30,040 DEBUG SMTP: Found extension "DSN", arg ""
2013-08-08 14:24:30,040 DEBUG SMTP: Found extension "ENHANCEDSTATUSCODES", arg ""
2013-08-08 14:24:30,040 DEBUG SMTP: Found extension "STARTTLS", arg ""
2013-08-08 14:24:30,040 DEBUG SMTP: Found extension "AUTH", arg "GSSAPI NTLM"
2013-08-08 14:24:30,040 DEBUG SMTP: Found extension "8BITMIME", arg ""
2013-08-08 14:24:30,040 DEBUG SMTP: Found extension "BINARYMIME", arg ""
2013-08-08 14:24:30,040 DEBUG SMTP: Found extension "CHUNKING", arg ""
2013-08-08 14:24:30,040 STARTTLS
2013-08-08 14:24:30,041 220 2.0.0 SMTP server ready
2013-08-08 14:24:30,041 EHLO **************
2013-08-08 14:24:30,048 ERROR [si.arctur.fourPmServices.scheduleJobs.emailSender.MailSender] (4pm_services_QuartzScheduler_Worker-3) Error in transport email[1040]
javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1420)
at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1408)
at com.sun.mail.smtp.SMTPTransport.ehlo(SMTPTransport.java:847)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:384)
at javax.mail.Service.connect(Service.java:297)
at javax.mail.Service.connect(Service.java:156)
at javax.mail.Service.connect(Service.java:105)
at javax.mail.Transport.send0(Transport.java:168)
at javax.mail.Transport.send(Transport.java:98)
at si.arctur.fourPmServices.scheduleJobs.emailSender.MailSender.actualSend(MailSender.java:64)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:77)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.transaction.TransactionInterceptor$1.work(TransactionInterceptor.java:97)
at org.jboss.seam.util.Work.workInTransaction(Work.java:61)
at org.jboss.seam.transaction.TransactionInterceptor.aroundInvoke(TransactionInterceptor.java:91)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185)
at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103)
at si.arctur.fourPmServices.scheduleJobs.emailSender.MailSender_$$_javassist_seam_8.actualSend(MailSender_$$_javassist_seam_8.java)
at si.arctur.fourPmServices.scheduleJobs.emailSender.MailChecker.checkQueue(MailChecker.java:41)
at si.arctur.fourPmServices.scheduleJobs.emailSender.MailChecker.execute(MailChecker.java:22)
at si.arctur.fourPmServices.scheduleJobs.QuartzJobBase.executeInternal(QuartzJobBase.java:94)
at si.arctur.fourPmServices.scheduleJobs.QuartzJobBase.schedule(QuartzJobBase.java:76)
at sun.reflect.GeneratedMethodAccessor383.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
at org.jboss.seam.intercept.RootInvocationContext.proceed(RootInvocationContext.java:32)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:77)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.async.AsynchronousInterceptor.aroundInvoke(AsynchronousInterceptor.java:52)
at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
at org.jboss.seam.intercept.JavaBeanInterceptor.interceptInvocation(JavaBeanInterceptor.java:185)
at org.jboss.seam.intercept.JavaBeanInterceptor.invoke(JavaBeanInterceptor.java:103)
at si.arctur.fourPmServices.scheduleJobs.emailSender.MailChecker_$$_javassist_seam_2.schedule(MailChecker_$$_javassist_seam_2.java)
at sun.reflect.GeneratedMethodAccessor382.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.seam.util.Reflections.invoke(Reflections.java:22)
at org.jboss.seam.util.Reflections.invokeAndWrap(Reflections.java:144)
at org.jboss.seam.async.AsynchronousInvocation$1.process(AsynchronousInvocation.java:62)
at org.jboss.seam.async.Asynchronous$ContextualAsynchronousRequest.run(Asynchronous.java:80)
at org.jboss.seam.async.AsynchronousInvocation.execute(AsynchronousInvocation.java:44)
at org.jboss.seam.async.QuartzDispatcher$QuartzJob.execute(QuartzDispatcher.java:243)
at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1764)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:654)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:100)
at com.sun.mail.util.TraceOutputStream.write(TraceOutputStream.java:101)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at com.sun.mail.smtp.SMTPTransport.sendCommand(SMTPTransport.java:1418)
... 63 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
... 74 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
... 80 more
Solution
I had to enter the certificate of the mail server in the keystore. I got the certificate via
openssl s_client -connect mail.server.com:587 -starttls smtp
and I extracted the key from the response and added it to the JRE keystore.
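The procedure in the answer, scripted as an added example (not code from the original post): it saves each certificate the server presents during STARTTLS to its own file, prints the fingerprint of the server's certificate so it can be compared with a value obtained out of band, and imports it with keytool. The function names, the alias and the truststore path are assumptions supplied by the caller, and the sample transcript is constructed.

```bash
#!/usr/bin/env bash
# Added example: host, alias and truststore path are placeholders you supply.

# Write every PEM certificate found in an `openssl s_client -showcerts`
# transcript to <prefix>-0.pem (the server's own cert), <prefix>-1.pem, ...
# and print how many were found.
split_chain() {  # split_chain <transcript-file> <out-prefix>
  awk -v p="$2" '
    /^-----BEGIN CERTIFICATE-----/ { f = sprintf("%s-%d.pem", p, n++); on = 1 }
    on                             { print > f }
    /^-----END CERTIFICATE-----/   { on = 0; close(f) }
    END                            { print n + 0 }' "$1"
}

# Constructed transcript (placeholder bodies, not real certificates) showing
# the layout that s_client prints around each certificate.
sample_transcript() {
  cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=mail.server.com
   i:/CN=Example Internal CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
 1 s:/CN=Example Internal CA
   i:/CN=Example Internal CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
---
EOF
}

# Fetch the chain over STARTTLS, show what is about to be trusted, then import.
# keytool prints the fingerprint and asks for confirmation: compare it with a
# value obtained from the mail server's administrator before answering "yes".
fetch_and_import() {  # fetch_and_import <host> <port> <alias> <truststore>
  local tmp n
  tmp=$(mktemp -d) || return 1
  openssl s_client -connect "$1:$2" -starttls smtp -showcerts \
    </dev/null >"$tmp/out.txt" 2>/dev/null
  n=$(split_chain "$tmp/out.txt" "$tmp/chain")
  [ "$n" -gt 0 ] || { echo "no certificate in server response" >&2; return 1; }
  openssl x509 -in "$tmp/chain-0.pem" -noout -subject -issuer -fingerprint -sha256
  keytool -importcert -alias "$3" -file "$tmp/chain-0.pem" -keystore "$4"
}
```

If JBoss is started with `-Djavax.net.ssl.trustStore`, the import has to go into that file rather than the JRE's default `lib/security/cacerts`.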