TLDR; For some reason despite importing the certificate into the CACERTS file I can't pull mail from a mail server.
I have an instance of service desk locally hosted. It was working fine receiving mails without a problem and then suddenly stopped.
Now when I try to connect I get one of the following depending on the method I have selected.
1. Using secure IMAP on port 993 I get "unable to find valid certification path to requested target"
2. Using IMAP on port 143 I get "No login methods supported!"
3. Using POP on port 119 I get "Connection refused (Connection refused)"
4. Using secure POP on port 995 I get "Connection refused (Connection refused)"
I have received the certificate provided for the mail server and imported it in to the CACERTS file that the instance of java that Jira uses has (and just in case I've also added it to every cacerts file I can find on the server) and restarted Jira but with no luck.
Hosting server is Oracle Linux 6, Java version is 1.8.0_181 (I know, it needs patching)
Error in the logs is
2019-09-25 10:59:04,678 ERROR  Caesium-1-1 ServiceRunner Messaging Error when MailPullerWorker pulls emails from <redacted_user>@<redacted domain>: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This means one of two things.
Thanks for getting back to me.
I think you're right on the first part (the certificate is installed on all the cacerts, but the one I believe jira is using is the <jira-bin-home>/jre/lib/cacerts file).
The second I'm trying to work on.
I've installed MUTT on the jira server and with that I can connect to the mail server with IMAP without any issue. It does come up with a note about the certificate at the start (it says "This certificate belongs to <servername>" and "This certificate was issued by <servername>" and finally "This certificate is valid" and a date range that the certificate is valid for.
I'm not sure what else to check.
I've also used SSLPoke to test the connection.
If I SSLPoke to port 993 I get the error:-
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
If I SSLPoke to port 443 I get "Successfully connected"
Not sure if that proves anything though.
You need to import the signing certs for your CA. I suspect your cert is signed by an internal CA, (or maybe even self signed)
So your cacerts file needs to have the certs for your CA (hence the name, ca certs)
Thats what is it complaining about. It cant validate that whoever signed your imap cert it itself valid. That is the certification path.
And the file should be in the "security" subdirectory,
Hi Atlassian Community! This is Teresa from the Atlassian team. My colleague Paul Buffington @Buff and I are excited to share a brand new ITSM resource we’ve created – "The Complete Guide to At...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event