Emailer SSL issue

dannywall55s · April 26, 2019, 7:57am

Hello guys,

i get an SSL issue when trying to send a Mail via Google SMTP Server. I am using the following Mail application settings:

cuba.email.fromAddress = *myMailAddress*
cuba.email.smtpHost = smtp.gmail.com
cuba.email.smtpPort = 465
cuba.email.smtpAuthRequired = true
cuba.email.smtpSslEnabled = true
cuba.email.smtpStarttlsEnable = true
cuba.email.smtpUser = *myMailAddress*
cuba.email.smtpPassword = ********************************

The error when i am e.g. try so send a mail to myself via JMX Console sendTestMail() is the following:

*my mail address* : Mail server connection failed; nested exception is javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465;
  nested exception is:
	javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Failed messages: javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465;
  nested exception is:
	javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

i’ve already imported the smtp.google.de certificate to the java cacerts keystore via OpenSSL and Keytool. When i check for the imported certificate via

.\keytool.exe -list -v -keystore "..\jre\lib\security\cacerts" -alias smtp.gmail.com

it tells me that this certificate exists in the cacerts keystore.

Can someone tell me what i am missing? Is there a environment variable or some kind of start parameter for the tomcat server i have to set, so the tomcat knows where to look for the keystore.

Thanks in advance
Daniel

albudarov · April 26, 2019, 9:10am

Hi,
Which java version are you using?

You can try to add debug logs for SSL handshake, as desribed here: Debugging SSL/TLS connections

Some of our clients send mail via smtp.gmail.com without problems.
If it helps you, here are our email sending properties:

cuba.email.smtpPassword=xxxxx
cuba.email.smtpUser=noreply@xxxxxxx
cuba.email.smtpHost=smtp.gmail.com
cuba.email.fromAddress=donotreply@xxxxxx
cuba.email.smtpPort=587
cuba.email.smtpStarttlsEnable=true
cuba.email.smtpAuthRequired=true

artamonov · April 26, 2019, 9:25am

By the way, you should know that your e-mail address on Gmail could be banned by Google if you try to use it as e-mail sending mechanism in your applications.

dannywall55s · April 26, 2019, 12:00pm

thanks for the feedback guys.

btw is it common that you have to import the certificate manually to the java keystore?

@AlexBudarov i will try your settings later this day. thanks. is there something apart from setting those variables your had to do, to get the mailer working ?

dannywall55s · April 27, 2019, 1:43pm

Hello guys, its me again. I got it to work… sort of.

so basically i deployed the application to my Linux Debian test environment Tomcat server, tried connecting to gmail. connection failed because gmail smtp responded that my cuba application is an “unsecure app”. i disabled the “only allow secure apps” within my email account. still same issue.
so i went ahead try an strato email account. Worked brilliant. i am using the following options:

BUT: on my local windows machine where i develop with cuba studio, i still get the same issue. so it seems to be related to maybe my java installation. but on the Linux tomcat test system it works like a charm.

thanks again
best regards
Daniel