I know there are a lot of question regarding the same thing on SO, but I don't seem to have found the solution for my problem yet.
I am using JavaMail API to connect to a mail server. Initially I used the port 110 to connect to pop3 server and that is when I got the following exception -
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
I changed the port to 995 and got the following exception -
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Code for connecting to the server:
Properties props = System.getProperties();
props.setProperty("mail.store.protocol", "pop3");
props.setProperty("mail.pop3.ssl.enable", "true");
Session session = Session.getInstance(props, null);
store = session.getStore("pop3");
store.connect(ServerName, Port, UserName, Password);
Where am I going wrong? Any advice would be helpful. Thanks in advance.
The first error message says it all. You're attempting SSL to a plaintext port. Try disabling SSL, or use the correct port for SSL.
The second one says that your truststore doesn't trust the server certificate. If it's self-signed, you will need to import it into your truststore.
Related
I am trying to write a program for connecting LDAP server using java code..
Connection Type - SSL
I am getting SSLHandshakeException which says I will have to use 'server certificate' to establish ssl connection -
javax.naming.CommunicationException: :636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Could anyone please suggest how to download SSL certificate from the server using java code and then use that certificate while connecting to LDAP ?
Here are the solutions i have tried, but i did not work -
How to read a Certificate attribute (caCertificate) from LDAP server (Java)?
How to make a call, via Java, with ssl and certificate to an ldap (AD)?
NOTE - I cannot override functionality of certificate verification/validation using custom socket factory
After applying the latest Windows Updates I'm getting an:
Error 500--Internal Server Error
trying to access my URL using HTTP (not HTTPS!) protocol.
Looking in Weblogic logs, I found this error:
ServletContext#199346236[app:analytics module:analytics path:/analytics spec-version:2.5 version:11.1.1]] Root cause of ServletException.
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed
How can I solve this issue?
I don't know where I can find this expired certificate and if this is the real problem because I'm not using an HTTPS protocol trying to access my site.
You will have to find the location of your certificates first or your certificates are located in your keystore. If so, you can display content of your keystore and check which certificates you have.
Do you use Weblogic in combination with OSB? If yes, then the keystore is propably configured in your Enterprise Manager. If not, then your keystore is configured on Weblogic level which can be found at servers -> keystores tab
I don't know if this is the solution but let's try it out.
I have a problem connecting to a SMTP Server with Apache Commons Mail. I have tried everything but the only thing I can find online is for Java Mail.
This is my error:
Caused by: javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have seen that you can fix the issue on Java Mail with props.put("mail.smtp.ssl.trust", "smtp.gmail.com"); for example, but I can't a equivalent command to use on Apache Commons.
If you're really connecting to Gmail, you shouldn't need that. The Gmail certificate will be trusted by the default trust store. If you've configured a non-default trust store, add the Gmail certificate to that trust store using the InstallCert program.
I'm trying to connect to a mail server which uses StartTLS with a self signed certificate via Java mail API.
And that seems to be a problem, because i can't find any way to set accepted certificates or a truststore for StartTLS.
Properties props = new Properties();
props.put("mail.imap.starttls.enable", "true");
props.put("mail.imap.starttls.required", "true");
Session session = Session.getInstance(props);
Store store = session.getStore("imap");
store.connect(hostName, port, userName, userPassword);
When i run my application as is, i get this PKIX path error:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I would prefer not to use VM parameters like "-Djavax.net.ssl.trustStore" because i want to be able to control trusted certificates per access.
Sidenote: I've seen people use "mail.imap.socketFactory.class" to set their own implementation of SocketFactory with a self defined TrustManager.
But when i do that my connection fails with
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
I think this is because setting the socket factory will actually use SMTP over SSL instead of StartTLS (which starts as a plain text connection and switches to TLS later).
I have this working for an SMTP connection (not IMAP) using com.sun.mail:javax.mail:1.5.5 and (root) certificates loaded from a (not so standard) pfx-file. The properties given to Session.getInstance(props) are build in the following manner (see also the API-docs here and here, I think you can simply replace smtp with imap for most of the properties):
"mail.transport.protocol", "smtp"
"mail.smtp.host", "hostname"
"mail.smtp.port", "25"
"mail.smtp.connecttimeout", "5000" // 5 seconds
"mail.smtp.timeout", "50000" // 50 seconds
"mail.smtp.ssl.protocols", "TLSv1.2"
"mail.smtp.starttls.required", "true"
Now build a SSL Socket Factory using com.sun.mail.util.MailSSLSocketFactory (read the API-docs in the link):
MailSSLSocketFactory sslSocketFactory = new MailSSLSocketFactory("TLSv1.2");
Create and intialize a (default) KeyManagerFactory kmf (e.g. by loading a keystore).
Create and intialize a (default) TrustManagerFactory tmf.
Call sslSocketFactory.setKeyManagers(kmf.getKeyManagers()) and sslSocketFactory.setTrustManagers(tmf.getTrustManagers())
Set property "mail.smtp.ssl.socketFactory" to the sslSocketFactory instance (use the props.put(k,v)-method). Note that the socket factory instance that was created and configured is set, not some String or class. Javamail will use the set socket factory instance directly.
Use the properties to create a session.
Make sure you have logging configured properly and set it to TRACE for com.sun.mail. Logging shows exactly what is "going over the line" and in my case shows for example:
DEBUG com.sun.mail.smtp - Found extension "STARTTLS", arg ""
...
TRACE com.sun.mail.smtp.protocol - STARTTLS
TRACE com.sun.mail.smtp.protocol - 220 Ready to start TLS
On a side note: creating a default keystore and trustore can be done using this SslUtils class, methods loadKeyStore(null) and createDefaultTrustStore() (I created this utility class a while ago to help me load the not-so-standard pfx-files).
I am new to code signing and certificates. Short description: I connect to a Alfresco repository to download some documents to the client using OpenCMIS. Everything is working fine until I tested is with our test server which uses SSL (HTTPS Url) connections. Here I get an exception
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I have no experience with such things and dont know what I have to do so my application is running properly? I have read I have to use the certificate or a truststore or something? But what exactly I need to do? Can someone help me please?
EDIT: I should have mentioned that I am developing a java web start application. Is there a solution in which I dont have to manually install the certificate to the local truststore?
EDIT2: Okay since I have to import the certificate on every computer this is no longer an option and I will use the workaround which ignores the verification of the certificate.
Thank you anyways guys!!!
i tried this long back for similar problem, and was working.
System.setProperty("javax.net.ssl.trustStore", "");
System.setProperty("javax.net.ssl.trustStorePassword", "");
System.setProperty("javax.net.ssl.trustStoreType", "");
Security.ssl.allowUnsafeRenegotiation", "true");
System.setProperty("javax.net.ssl.keyStore", "");
System.setProperty("javax.net.ssl.keyStorePassword", "");
System.setProperty("javax.net.ssl.keyStoreType", "");
System.setProperty("sun.security.ssl.allowUnsafeRenegotiation", "true");
Also the same can be achieved by configuring the trustore and keystore in the application server you are using.
Issue is with certificates not getting imported correctly.
I hope below links will help you out.
Link1
Link2