Grails 3 mail: Must issue a STARTTLS command first

I know this question has been asked many times in many different places, but for some reason, I can't seem to get it to work. I realize what the issue is, I just can't seem to figure out the yaml syntax or something simple like that.
I'm using Grails 3 with the "mail" plugin (2.0.0.RC6).
Here is a snippet of my application.yml:
grails:
    serverURL: <url>
    mail:
        host: <host>
        port: 587
        username: <username>
        password: <password>
        props:
            ? "mail.smtp.auth" : true
            ? "mail.smtp.starttls.enable" : true
            ? "mail.smtp.starttls.required" : true
            ? "mail.smtp.socketFactory.class" : "javax.net.ssl.SSLSocketFactory"
            ? "mail.smtp.socketFactory.fallback" : false
            ? "mail.smtp.port" : 587
I've tried many combinations of quotes with no luck. The ? instead of a - indicates a map, which is what I want I think.
Here is the specific error message if it helps:
Failed messages: com.sun.mail.smtp.SMTPSendFailedException: 530 5.7.0 Must issue a STARTTLS command first
. Stacktrace follows:
java.lang.reflect.InvocationTargetException: null
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.mail.MailSendException: Failed messages: com.sun.mail.smtp.SMTPSendFailedException: 530 5.7.0 Must issue a STARTTLS command first
at grails.plugins.mail.MailMessageBuilder.sendMessage(MailMessageBuilder.groovy:130)
at grails.plugins.mail.MailService.sendMail(MailService.groovy:53)
at grails.plugins.mail.MailService.sendMail(MailService.groovy:57)
at website.UserController.register(UserController.groovy:60)
... 3 common frames omitted
This is a custom mail server running Postfix (first time setting it up). I am able to connect to it and send mail with Thunderbird. Thunderbird is using STARTTLS and port 587 to connect. As far as I know, I haven't been able to do just SSL/TLS.
Update:
I've removed the factory config and fixed the yaml map stuff. Now I'm getting another error.
grails:
    serverURL: https://test.neonorb.com
    mail:
        host: test.neonorb.com
        port: 587
        username: neonorb
        password: pass
        props:
            mail.smtp.starttls.enable: true
            mail.smtp.port: 587
Here is the exception:
unable to find valid certification path to requested target. Stacktrace follows:
java.lang.reflect.InvocationTargetException: null
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.mail.MailSendException: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Failed messages: javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at grails.plugins.mail.MailMessageBuilder.sendMessage(MailMessageBuilder.groovy:130)
at grails.plugins.mail.MailService.sendMail(MailService.groovy:53)
at grails.plugins.mail.MailService.sendMail(MailService.groovy:57)
at website.UserController.register(UserController.groovy:60)
... 3 common frames omitted
Caused by: javax.mail.MessagingException: Could not convert socket to TLS
at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2046)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:711)
at javax.mail.Service.connect(Service.java:366)
... 7 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:598)
at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:525)
at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:2041)
... 9 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
... 12 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
... 12 common frames omitted
According to Google, this is because the certificate is self-signed, and Java doesn't trust it. My certificate is not self-signed, and is made from Let's Encrypt.

Get rid of the socket factory properties, they're long since obsolete.
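
A CA-issued certificate, such as the Let's Encrypt one in the question, can still produce `PKIX path building failed` when the client cannot link it to a trusted root, for instance because the server presents the leaf without its intermediate. The following added example (not part of the original post; the chain, names and files are constructed, and the page does not establish that this is the cause here) reproduces that offline with `openssl verify`.

```sh
#!/bin/sh
# Added example: constructed root -> intermediate -> leaf chain, throwaway keys.

# Minimal config so the commands do not depend on a system openssl.cnf.
write_cfg() {
    cat > "$1" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
EOF
}

# Issue a certificate.
# $1=dir $2=name $3=CN $4=issuer name $5=extension section $6=serial
issue() {
    openssl req -new -config "$1/cfg" -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
        -set_serial "$6" -days 2 -extfile "$1/cfg" -extensions "$5" \
        -out "$1/$2.pem" 2>/dev/null
}

# Create root.pem, int.pem and leaf.pem in directory $1.
make_chain() {
    write_cfg "$1/cfg" &&
    openssl req -x509 -config "$1/cfg" -extensions v3_ca -newkey rsa:2048 \
        -nodes -days 2 -subj "/CN=Constructed Root" \
        -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null &&
    issue "$1" int "Constructed Intermediate" root v3_ca 2 &&
    issue "$1" leaf "mail.example.test" int v3_leaf 3
}

# Client trusts the root; the server sent only its own certificate.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Same trust store; the server also sent the intermediate.
# -untrusted marks it as server-supplied, not as a trust anchor.
verify_with_intermediate() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" \
        "$1/leaf.pem" >/dev/null 2>&1
}

work=$(mktemp -d) && make_chain "$work" || { echo "openssl setup failed" >&2; exit 1; }
if verify_leaf_only "$work"; then echo "leaf only: verified"
else echo "leaf only: no path to the trusted root"; fi
if verify_with_intermediate "$work"; then echo "leaf + intermediate: verified"
else echo "leaf + intermediate: failed"; fi
rm -rf "$work"
```

Against a live SMTP server, `openssl s_client -starttls smtp -showcerts` lists the certificates the server actually sends, which shows whether an intermediate is included.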

Related

Installing cosmos db emulator SSL certificate in docker redhat/kafka-connect container

I did the setup of the Cosmos DB emulator on the local machine, and started with the following parameters:
/port=443 /AllowNetworkAccess /Key=<CosmosPrimaryKey>
And currently, it is accessible via https://<LocalMachineIP>/
When I tried to make a curl request from the docker Redhat container (using docker image: confluentinc/cp-kafka-connect) it throws the below error:
curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
And when trying to create the Cosmos DB source connector, it throws the below error:
[20 10:37:45,018] ERROR Client initialization failed. Check if the endpoint is reachable and if your auth token is valid. More info: https://aka.ms/cosmosdb-tsg-service-unavailable-java (com.azure.cosmos.implementation.RxDocumentClientImpl)
[2022-05-20 10:37:45,079] ERROR unexpected failure in initializing client. (com.azure.cosmos.implementation.RxDocumentClientImpl)
java.lang.RuntimeException: Client initialization failed. Check if the endpoint is reachable and if your auth token is valid. More info: https://aka.ms/cosmosdb-tsg-service-unavailable-java
at com.azure.cosmos.implementation.RxDocumentClientImpl.initializeGatewayConfigurationReader(RxDocumentClientImpl.java:401)
.......
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
[2022-05-20 10:37:45,095] WARN [8e2a220b, L:/172.25.0.6:57076 ! R:/192.168.154.131:443] The connection observed an error (reactor.netty.http.client.HttpClientConnect)
shaded.io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at shaded.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:477)
..........
at shaded.io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
at shaded.io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at shaded.io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
.........
at shaded.io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1283)
at shaded.io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:507)
at shaded.io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:446)
... 17 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
.....................
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335)
... 31 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 37 more
I have exported the cosmos emulator .cer file using this article.
How to install it in the Docker container "kafka-connect"?
Can you post your curl request?
You need to use the -k flag to denote that it’s insecure.
curl -k https://{emulatoripaddr}:8081/_explorer/emulator.pem > emulatorcert.crt
It needs to be .crt
Then copy it to
/usr/local/share/ca-certificates/
Then install it
update-ca-certificates
Additionally you can mount a volume to the cosmos folder and save the .pem manually… /tmp/cosmos/appdata
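
`curl -k` skips certificate verification, so the file it downloads is unauthenticated until it is compared with a copy obtained another way, such as the `.cer` the asker exported on the emulator host. An added example of that comparison (not part of the original answer; `cert_sha256`, `install_if_matches` and the temporary directory standing in for `/usr/local/share/ca-certificates/` are hypothetical, the certificates are throwaway ones generated on the spot, and it assumes the exported `.cer` and the downloaded PEM are the same certificate):

```sh
#!/bin/sh
# Added example; function names and the temporary directories are hypothetical.

# Print the SHA-256 fingerprint of a PEM or DER certificate as lowercase hex.
cert_sha256() {
    { openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null ||
      openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 2>/dev/null
    } | sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Copy certificate $1 into trust-anchor directory $3 only when its fingerprint
# equals that of reference copy $2 (obtained out of band). Returns 1 otherwise.
install_if_matches() {
    got=$(cert_sha256 "$1")
    want=$(cert_sha256 "$2")
    if [ -z "$got" ] || [ "$got" != "$want" ]; then
        echo "not installing $1: fingerprint differs from reference" >&2
        return 1
    fi
    cp "$1" "$3/"
}

# Throwaway self-signed certificate for the demonstration: $1=output PEM, $2=CN
make_selfsigned() {
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=%s\n' "$2" > "$1.cnf"
    openssl req -x509 -config "$1.cnf" -newkey rsa:2048 -nodes -days 2 \
        -keyout "$1.key" -out "$1" 2>/dev/null
}

tmp=$(mktemp -d)
mkdir "$tmp/anchors"    # stands in for /usr/local/share/ca-certificates/
make_selfsigned "$tmp/emulator.crt" "constructed-emulator"
# Reference copy in DER form, as a Windows certificate export might produce.
openssl x509 -in "$tmp/emulator.crt" -outform DER -out "$tmp/exported.cer"
# Same subject name, different key: what an interposed endpoint could serve.
make_selfsigned "$tmp/other.crt" "constructed-emulator"

install_if_matches "$tmp/emulator.crt" "$tmp/exported.cer" "$tmp/anchors" &&
    echo "emulator.crt installed"
install_if_matches "$tmp/other.crt" "$tmp/exported.cer" "$tmp/anchors" ||
    echo "other.crt rejected"
rm -rf "$tmp"
```

With the real target directory, `update-ca-certificates` is then run as in the answer above.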

Connect to AWS DocumentDB from Docker Kafka Connect Container with SSL

I am trying to connect to my AWS Document DB from a local Kafka Connect Docker container using SSL. I've followed AWS documentation and created the rds-trustore.jks file from .pem file which is provided by AWS itself. Then I've set the environment variables stated here as below.
CONNECT_SSL_TRUSTSTORE_LOCATION=/path/to/my/rds-trustore.jks
CONNECT_SSL_TRUSTSTORE_PASSWORD=<password>
The problem is, when I try to register a debezium mongodb source connector with the following configuration
"mongodb.ssl.enabled": "true"
I get the error
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:349)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:287)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:421)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1426)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1336)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450)
at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:841)
at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1211)
at com.mongodb.internal.connection.SocketStream.write(SocketStream.java:99)
at com.mongodb.internal.connection.InternalStreamConnection.sendMessage(InternalStreamConnection.java:539)
... 10 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
... 24 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 30 more
Does anybody have any ideas?
Thanks for your help!
Try adding the keystore to JVM as described in the AWS documentation
javax.net.ssl.trustStore: <truststore>
javax.net.ssl.trustStorePassword: <truststorePassword>

Unable to find valid certification - Checkmarx Integration error on Jenkins

I am getting the following error while integrating Checkmarx on Jenkins (using a Windows node).
[Cx-Info]: Initializing Cx client [Cx-Info]: Logging into the Checkmarx service.
FATAL: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused:
sun.security.validator.ValidatorException: PKIX path building failed
Caused:
javax.net.ssl.SSLHandshakeException hudson.remoting.Channel$CallSiteStackTrace: Remote call to JNLP4-connect connection from xxx server
Caused:
java.io.IOException
It looks like I may need to install some certificates on the Jenkins node. Has anyone faced a similar issue?
Fixed after installing the Checkmarx certificates.

SSL Connectivity fails between corda node and artemis deployed in kubernetes cluster

We are trying to connect Corda node to a standalone Artemis server (both are deployed in kubernetes cluster) as described in the Corda documentation. After starting the Corda node we get below error:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)~[?:1.8.0_212]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)~[?:1.8.0_212]
at sun.security.validator.Validator.validate(Validator.java:262)~[?:1.8.0_212]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)~[?:1.8.0_212]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)~[?:1.8.0_212]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)~[?:1.8.0_212]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626)~[?:1.8.0_212]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)~[?:1.8.0_212]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)~[?:1.8.0_212]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:970) ~[?:1.8.0_212]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:967) ~[?:1.8.0_212]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_212]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459)~[?:1.8.0_212]
at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1457)~[netty-handler-4.1.29.Final.jar:4.1.29.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1365)~[netty-handler-4.1.29.Final.jar:4.1.29.Final]
... 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)~[?:1.8.0_212]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)~[?:1.8.0_212]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)~[?:1.8.0_212]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)~[?:1.8.0_212]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)~[?:1.8.0_212]
at sun.security.validator.Validator.validate(Validator.java:262)~[?:1.8.0_212]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)~[?:1.8.0_212]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)~[?:1.8.0_212]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)~[?:1.8.0_212]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1626)~[?:1.8.0_212]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223)~[?:1.8.0_212]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)~[?:1.8.0_212]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:970) ~[?:1.8.0_212]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:967) ~[?:1.8.0_212]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_212]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459)~[?:1.8.0_212]
at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1457)~[netty-handler-4.1.29.Final.jar:4.1.29.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1365)~[netty-handler-4.1.29.Final.jar:4.1.29.Final]
... 17 more
Please refer to our tutorials on deploying a Corda node via Kubernetes at Part1 and Part2.
Most likely, you have missed some steps during the setup, and your nodes are not really even started.

Issue in configuring email in jenkins

I have tried to go through all the solutions provided on Stack Overflow, like adding a skip plugin or adding a certificate to the keystore, but the test email is still failing with the error below. Can someone help me with this? I am using a Windows machine.
Error in jenkins:sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
Caused: sun.security.validator.ValidatorException: PKIX path building failed
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
<snip>
Caused: javax.net.ssl.SSLHandshakeException
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
<snip>
Caused: javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1934)
at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:638)
at javax.mail.Service.connect(Service.java:317)
at javax.mail.Service.connect(Service.java:176)
at javax.mail.Service.connect(Service.java:125)
at javax.mail.Transport.send0(Transport.java:194)
at javax.mail.Transport.send(Transport.java:124)
at hudson.tasks.Mailer$DescriptorImpl.doSendTestMail(Mailer.java:585)
<snip>
cmd prompt says Certificate already exists in keystore under alias .
Go to https://<jenkins-url>/systemInfo and look for javax.net.ssl.trustStore.
This should be the truststore where the certificate should be added.
You can open the keystore with keytool or, if you prefer a GUI, take a look at Keystore Explorer.
The default password of the truststore is changeit.
