Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Errors when adding Email account (SSL/TLS)

Denia Zicolella
Denia Zicolella
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 31, 2018

Dear,

When i try to add our ticket address to a project i get the following error.

"unable to find valid certification path to requested target"

I've been searing on the community page but i still don't have a solution yet. 

In C:\Program Files\Atlassian\JIRA\bin>tomcat8w //ES//JIRAServiceDesk170418102xxx
I Enabled TLS in Java with -Dmail.imap.starttls.enable=true

When I use IMAP with port 143 I get the error message from above.
When I use IMAP with port 993 (TLS) I get the error message "read Timed out"

In java in the default "cacerts" file i added our arbor.media certificates with the use of Portecle (java).

In Windows i added a new envoirment variable (JAVA_HOME) = C:\Program Files (x86)\Java\jre1.8.0_171\

Does our Email server also needs Atlassian Jira certificates?
How can I verify which path the jira software tries to take for the certificates (Windows) (to verify the right home directory is set)
I don't know what else i can try...

 

Thank you in advance!

 

Daan Krauts

Answer
Watch
Like Be the first to like this
899 views

1 answer

1 vote
Andy Heinzer
Andy Heinzer
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 31, 2018

Did you add the CA cert before you specified the JAVA_HOME?  If so, then it's possible Jira could have been using a different JRE and in turn a different cacert location for the keystore/truststore.

Also, after you set the JAVA_HOME, did you restart Jira?  I would expect this to have to take place for Jira to start up with that specific JVM.

If you've done both of these things and Jira is still having an error connecting to this secure mail server, try to follow the steps in Unable to Connect to SSL Services due to PKIX Path Building Failed.   That KB has a utility there called sslpoke.  Try following those steps from the Jira server, using the same java path Jira is using to see what results you get.   The results of this test should tell us more about this.

In most cases I don't think you need to provide any certs from Jira to the mail server to make this work.  Jira is establishing the connection, so in most cases it should be able to do this with the correct cert of that server.   I say most because I recently have seen some Exchange setups that only accept connections from specifically set senders.   See https://practical365.com/exchange-server/configuring-the-tls-certificate-name-for-exchange-server-receive-connectors/ for more details.  I'm not sure if this applies to you here, but might be helpful

Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security