Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Problem with pulling mail from mail server

David Ford
David Ford September 25, 2019

TLDR; For some reason despite importing the certificate into the CACERTS file I can't pull mail from a mail server.

I have an instance of service desk locally hosted. It was working fine receiving mails without a problem and then suddenly stopped.

Now when I try to connect I get one of the following depending on the method I have selected.

1. Using secure IMAP on port 993 I get "unable to find valid certification path to requested target"
2. Using IMAP on port 143 I get "No login methods supported!"
3. Using POP on port 119 I get "Connection refused (Connection refused)"
4. Using secure POP on port 995 I get "Connection refused (Connection refused)"

I have received the certificate provided for the mail server and imported it in to the CACERTS file that the instance of java that Jira uses has (and just in case I've also added it to every cacerts file I can find on the server) and restarted Jira but with no luck.

Hosting server is Oracle Linux 6, Java version is  1.8.0_181 (I know, it needs patching)

Error in the logs is 

2019-09-25 10:59:04,678 ERROR [] Caesium-1-1 ServiceRunner Messaging Error when MailPullerWorker pulls emails from <redacted_user>@<redacted domain>: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

Answer
Watch
Like Be the first to like this
1517 views

2 answers

2 accepted

0 votes
Answer accepted
David Ford
David Ford September 30, 2019

Good news, it looks like the issue was at the mail server end. The IMAP services were stopped and started again and then it all started working again.

Thanks for the help everyone, looks like it was an upstream issue.

Reply
0 votes
Answer accepted
Nic Brough -Adaptavist-
Nic Brough -Adaptavist-
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
Become a leader
September 25, 2019

This means one of two things. 

  • There is no certificate installed (which I think you have ruled out, assuming one of the cacerts files you hit was in the JRE Jira is using - /opt/jira/jre/lib/security for example)
  • The certificate you've installed is not valid for the mail server you are connecting to
View More Comments
David Ford
David Ford September 25, 2019

Thanks for getting back to me.

I think you're right on the first part (the certificate is installed on all the cacerts, but the one I believe jira is using is the <jira-bin-home>/jre/lib/cacerts file).

The second I'm trying to work on.

I've installed MUTT on the jira server and with that I can connect to the mail server with IMAP without any issue. It does come up with a note about the certificate at the start (it says "This certificate belongs to <servername>" and "This certificate was issued by <servername>" and finally "This certificate is valid" and a date range that the certificate is valid for.

I'm not sure what else to check.

Like
David Ford
David Ford September 25, 2019

I've also tried using both the fqdn for the mail server and the server name itself.

Like
David Ford
David Ford September 25, 2019

I've also used SSLPoke to test the connection.

If I SSLPoke to port 993 I get the error:-

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

If I SSLPoke to port 443 I get "Successfully connected"

Not sure if that proves anything though.

Like
Andrew Laden
Andrew Laden
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
September 25, 2019

You need to import the signing certs for your CA. I suspect your cert is signed by an internal CA, (or maybe even self signed) 

So your cacerts file needs to have the certs for your CA (hence the name, ca certs)

Thats what is it complaining about. It cant validate that whoever signed your imap cert it itself valid. That is the certification path.

And the file should be in the "security" subdirectory, 

Like
David Ford
David Ford September 25, 2019

Good news, it looks like the issue was at the mail server end. The IMAP services were stopped and started again and then it all started working again.

Thanks for the help everyone, looks like it was an upstream issue.

Like
Reply

Suggest an answer

Log in or Sign up to answer
Jira Service Desk
Jira Service Management
TAGS
AUG Leaders

Atlassian Community Events

    See all events