Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Problem with pulling mail from mail server

TLDR; For some reason despite importing the certificate into the CACERTS file I can't pull mail from a mail server.

I have an instance of service desk locally hosted. It was working fine receiving mails without a problem and then suddenly stopped.

Now when I try to connect I get one of the following depending on the method I have selected.

1. Using secure IMAP on port 993 I get "unable to find valid certification path to requested target"
2. Using IMAP on port 143 I get "No login methods supported!"
3. Using POP on port 119 I get "Connection refused (Connection refused)"
4. Using secure POP on port 995 I get "Connection refused (Connection refused)"

I have received the certificate provided for the mail server and imported it in to the CACERTS file that the instance of java that Jira uses has (and just in case I've also added it to every cacerts file I can find on the server) and restarted Jira but with no luck.

Hosting server is Oracle Linux 6, Java version is  1.8.0_181 (I know, it needs patching)

Error in the logs is 

2019-09-25 10:59:04,678 ERROR [] Caesium-1-1 ServiceRunner Messaging Error when MailPullerWorker pulls emails from <redacted_user>@<redacted domain>: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

2 answers

2 accepted

0 votes
Answer accepted

This means one of two things. 

  • There is no certificate installed (which I think you have ruled out, assuming one of the cacerts files you hit was in the JRE Jira is using - /opt/jira/jre/lib/security for example)
  • The certificate you've installed is not valid for the mail server you are connecting to

Thanks for getting back to me.

I think you're right on the first part (the certificate is installed on all the cacerts, but the one I believe jira is using is the <jira-bin-home>/jre/lib/cacerts file).

The second I'm trying to work on.

I've installed MUTT on the jira server and with that I can connect to the mail server with IMAP without any issue. It does come up with a note about the certificate at the start (it says "This certificate belongs to <servername>" and "This certificate was issued by <servername>" and finally "This certificate is valid" and a date range that the certificate is valid for.

I'm not sure what else to check.

I've also tried using both the fqdn for the mail server and the server name itself.

I've also used SSLPoke to test the connection.

If I SSLPoke to port 993 I get the error:-

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

If I SSLPoke to port 443 I get "Successfully connected"

Not sure if that proves anything though.

You need to import the signing certs for your CA. I suspect your cert is signed by an internal CA, (or maybe even self signed) 

So your cacerts file needs to have the certs for your CA (hence the name, ca certs)

Thats what is it complaining about. It cant validate that whoever signed your imap cert it itself valid. That is the certification path.

And the file should be in the "security" subdirectory, 

Good news, it looks like the issue was at the mail server end. The IMAP services were stopped and started again and then it all started working again.

Thanks for the help everyone, looks like it was an upstream issue.

0 votes
Answer accepted

Good news, it looks like the issue was at the mail server end. The IMAP services were stopped and started again and then it all started working again.

Thanks for the help everyone, looks like it was an upstream issue.

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Jira Service Desk

The Complete Guide to Atlassian for ITSM

Hi Atlassian Community! This is Teresa from the Atlassian team. My colleague Paul Buffington @Buff and I are excited to share a brand new ITSM resource we’ve created – "The Complete Guide to At...

2,245 views 14 22
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you