Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,298,274
Community Members
 
Community Events
165
Community Groups

Crowd - Mail config error - "unable to find valid certification path to requested target"

I'm trying to configure Crowd for outbound mail (AWS SES, email-smtp.us-east-1.amazonaws.com which is available through ports 25, 465 or 587).

I configured SMTP with login credentials (via Crowd console).

I verified connectivity and authentication at the command line, via "openssl s_client -crlf -quiet -starttls smtp -connect email-smtp.us-east-1.amazonaws.com:587".

I cannot send mail. Here are the errors in Crowd when I try ...

With port 587 configured:
Unrecognized SSL message, plaintext connection?

With port 465 configured:
unable to find valid certification path to requested target

After reading up online I tried importing the certificate via "keytool -import", which I verified via "openssl x509 -fingerprint" and "keytool -list -keystore". It all looks good however I'm still getting the unable to find valid certificate file error.

I read up on the following (but have NOT tried it yet):
-Djavax.net.ssl.trustStore=trustStore
Crowd is version: 2.6.5 (Build:#607 - 14-08-2013)
I'm not sure if I'm on the right path, or misssing something. Can somebody help point me in the right direction? Is there any more information I need to provide?

In an effort to make sure this isn't a configuration issue or connectivity issue here are some further tests...

Port 25 (Use SSL NOT selected):

Could not send email to email@mail.com. Reason:220 Ready to start TLS

Port 25 (Use SSL selected):

Caused by: javax.mail.MessagingException: Could not connect to SMTP host: email-smtp.us-east-1.amazonaws.com, port: 25;
nested exception is:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

Port 10 (Use SSL selected):

...AFTER A LONG WAIT...

Caused by: javax.mail.MessagingException: Could not connect to SMTP host: email-smtp.us-east-1.amazonaws.com, port: 10;
nested exception is:
java.net.ConnectException: Connection timed out

2 answers

1 accepted

0 votes
Answer accepted

After looking further into the issue I decided to give "-Djavax.net.ssl.trustStore=trustStore" a shot.

I pointed the trust store to my cacerts folder (that's where I had already imported my mail certificate), restarted crowd and was able to send mail without errors.

There error message was kind of pointing to this as the problem, though it wasn't clear to me that it wasn't already looking at the global cacerts.

0 votes

Unfortunately I'm not familiar with Amazon's SES offering; if you don't get any helpful responses here you may want to raise a support request for Crowd so our friendly support team can help you troubleshoot.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Confluence

An update on Confluence Cloud customer feedback – June 2022

Hi everyone, We’re always looking at how to improve Confluence and customer feedback plays an important role in making sure we're investing in the areas that will bring the most value to the most c...

169 views 1 3
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you