Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
Community Members
Community Events
Community Groups

Receiving CertPathValidatorException error for mail

When testing a mail server connection to a sendgrid mail server I'm receiving the following error:

CertPathValidatorException: Algorithm constraints check failed on signature algorithm: SHA1withRSA


When I do the same in our staging environment (which uses the same base image with the same java_home, cacerts, etc) the connection works fine.


I've turned on ssl debugging to verbose and compared the two environments logs. It appears that it finds the GoDaddy certs that Sendgrid utilizes just fine, but when our stage environment moves on to:
"|DEBUG|01 D7|http-nio-8080-exec-18|2022-09-16 17:11:51.137 GMT||Consuming ECDH ServerKeyExchange handshake message"
our production environment sees this:
"|ERROR|02 5A|http-nio-8080-exec-4 url: /secure/admin/VerifySmtpServerConnection!update.jspa; user:|2022-09-16 21:15:31.274 GMT||Fatal (UNSUPPORTED_CERTIFICATE): Certificates do not conform to algorithm constraints"

This error started occurring for us when I switched our tls cert (utilized for our jira environment) from using IBM cloud certificate manager to secret manager (due to cert manager being deprecated). The process involved exporting the cert from cert manager and importing to secret manager (giving it the key and both .pem files for cert/intermediate). Again, no issues when we did this in stage the day prior.


According to everything I've seen from searching the error we would need to update the disabledAlgorithms in, which we attempted and it did not resolve our issue.

Any insights would be greatly appreciated!

0 answers

Suggest an answer

Log in or Sign up to answer

Atlassian Community Events