Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Crowd - Mail config error - "unable to find valid certification path to requested target"

Andrew Khoury December 1, 2013

I'm trying to configure Crowd for outbound mail (AWS SES, email-smtp.us-east-1.amazonaws.com which is available through ports 25, 465 or 587).

I configured SMTP with login credentials (via Crowd console).

I verified connectivity and authentication at the command line, via "openssl s_client -crlf -quiet -starttls smtp -connect email-smtp.us-east-1.amazonaws.com:587".

I cannot send mail. Here are the errors in Crowd when I try ...

With port 587 configured:
Unrecognized SSL message, plaintext connection?

With port 465 configured:
unable to find valid certification path to requested target

After reading up online I tried importing the certificate via "keytool -import", which I verified via "openssl x509 -fingerprint" and "keytool -list -keystore". It all looks good however I'm still getting the unable to find valid certificate file error.

I read up on the following (but have NOT tried it yet):
-Djavax.net.ssl.trustStore=trustStore
Crowd is version: 2.6.5 (Build:#607 - 14-08-2013)
I'm not sure if I'm on the right path, or misssing something. Can somebody help point me in the right direction? Is there any more information I need to provide?

In an effort to make sure this isn't a configuration issue or connectivity issue here are some further tests...

Port 25 (Use SSL NOT selected):

Could not send email to email@mail.com. Reason:220 Ready to start TLS

Port 25 (Use SSL selected):

Caused by: javax.mail.MessagingException: Could not connect to SMTP host: email-smtp.us-east-1.amazonaws.com, port: 25;
nested exception is:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

Port 10 (Use SSL selected):

...AFTER A LONG WAIT...

Caused by: javax.mail.MessagingException: Could not connect to SMTP host: email-smtp.us-east-1.amazonaws.com, port: 10;
nested exception is:
java.net.ConnectException: Connection timed out

2 answers

1 accepted

0 votes
Answer accepted
Andrew Khoury December 2, 2013

After looking further into the issue I decided to give "-Djavax.net.ssl.trustStore=trustStore" a shot.

I pointed the trust store to my cacerts folder (that's where I had already imported my mail certificate), restarted crowd and was able to send mail without errors.

There error message was kind of pointing to this as the problem, though it wasn't clear to me that it wasn't already looking at the global cacerts.

0 votes
Caspar Krieger
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
December 2, 2013

Unfortunately I'm not familiar with Amazon's SES offering; if you don't get any helpful responses here you may want to raise a support request for Crowd so our friendly support team can help you troubleshoot.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events