I would like to configure ARIS Connect 10 to use authenticated SMTP to talk with our Exchange server. Mailserver and port are OK, as should be the SSL mode (STARTTLS), but there seems to be a certificate problem.

2019-08-09 08:00:43,871|ERROR|umcbundle0000000000|||0000000010|pool-27-thread-1|EmailDispatcher$DispatchJob - Failed to send email notification: unable to find valid certification path to requested target
2019-08-09 08:00:43,873|ERROR|umcbundle0000000000|||0000000010|pool-27-thread-1|EmailDispatcher - org.apache.commons.mail.EmailException: Sending the email to the following server failed : [mail server]:587
    at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1469)
    at org.apache.commons.mail.Email.send(Email.java:1496)
    at com.aris.umc.notification.EmailDispatcher$DispatchJob.run(EmailDispatcher.java:186)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1880)
    at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:648)
    at javax.mail.Service.connect(Service.java:317)
    at javax.mail.Service.connect(Service.java:176)
    at javax.mail.Service.connect(Service.java:125)
    at javax.mail.Transport.send0(Transport.java:194)
    at javax.mail.Transport.send(Transport.java:124)
    at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1459)
    ... 5 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
    at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:507)
    at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:447)
    at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1875)
    ... 12 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
    at sun.security.validator.Validator.validate(Validator.java:262)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
    ... 22 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
    ... 28 more

I added a certificate for our domain to the keystore (assuming it was [ARIS10.0 folder]\server\jre\lib\security\cacerts), using keytool in the jre\bin folder.

Now I don't know if I still fail because

  1. I used the wrong keystore
  2. The keystore has to be configured somehow
  3. The certificate was of the wrong type

I am quite sure that 3 is the case, because I was searching in the dark. The certificate was a valid domain wildcard signed by GlobalSign, but had nothing specifically about the server ARIS Connect is running on nor the Exchange server.

I'd appreciate help.

Tags: ARIS 10 ARIS Connect Configuration
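
An added diagnostic, not part of the original post and not ARIS code, that separates the three possibilities listed in the question: it prints which JRE and truststore setting the JVM resolves, performs the same STARTTLS upgrade seen in the stack trace, and prints the certificate chain the mail server actually presents before validating it with the JRE's default trust manager. The class name, the `trustcheck.invalid` EHLO name and the command-line arguments are assumptions; run it with the `java` binary from the same `jre` folder that holds the edited `cacerts`.

```java
import java.io.*;
import java.net.Socket;
import java.security.KeyStore;
import java.security.cert.*;
import javax.net.ssl.*;
// Added example (hypothetical class name). Usage: java StartTlsTrustCheck <mailhost> [port]
public class StartTlsTrustCheck {
    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 587;
        System.out.println("java.home=" + System.getProperty("java.home")
                + " javax.net.ssl.trustStore=" + System.getProperty("javax.net.ssl.trustStore"));
        // A null KeyStore selects the JSSE default: the property above, else jssecacerts, else cacerts.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager jre = (X509TrustManager) tmf.getTrustManagers()[0];
        // Print the chain the server presents, then delegate, so validation itself is unchanged.
        X509TrustManager recording = new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                for (X509Certificate c : chain)
                    System.out.println("subject: " + c.getSubjectX500Principal() + "\n  issuer: " + c.getIssuerX500Principal());
                jre.checkServerTrusted(chain, authType);
            }
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { jre.checkClientTrusted(c, a); }
            public X509Certificate[] getAcceptedIssuers() { return jre.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recording }, null);
        try (Socket plain = new Socket(host, port)) {
            BufferedReader in = new BufferedReader(new InputStreamReader(plain.getInputStream(), "US-ASCII"));
            Writer out = new OutputStreamWriter(plain.getOutputStream(), "US-ASCII");
            reply(in);                                             // 220 greeting
            out.write("EHLO trustcheck.invalid\r\n"); out.flush(); reply(in);   // constructed EHLO name
            out.write("STARTTLS\r\n"); out.flush();
            if (!reply(in).startsWith("220")) throw new IOException("STARTTLS not accepted");
            SSLSocket tls = (SSLSocket) ctx.getSocketFactory().createSocket(plain, host, port, true);
            tls.startHandshake();                                  // triggers checkServerTrusted above
            System.out.println("OK: chain validates against this JVM's default truststore");
        } catch (SSLHandshakeException e) {
            System.out.println("FAILED: " + e.getMessage());
        }
    }
    // Read one SMTP reply (possibly multi-line, "250-...") and return its final line.
    static String reply(BufferedReader in) throws IOException {
        String line;
        do { line = in.readLine(); } while (line != null && line.length() > 3 && line.charAt(3) == '-');
        if (line == null) throw new IOException("connection closed");
        return line;
    }
}
```

The ARIS runtime may start its own JVM with a different `javax.net.ssl.trustStore` setting, in which case the result here describes only the JRE default. Comparing the printed issuers with the output of `keytool -list -v` on the edited `cacerts` shows whether the imported certificate is one the presented chain can reach.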