Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


(SistemasAgp) #1

Recently, our SMTP server, renewed its SSL certificate.
Since this moment, Graylog cannot send notifications through our SMTP server.
How can I accept the new SSL cert?

The error at website is:

Could not send test alert notification
Sending test alert notification failed with message: Sending the email to the following server failed : correo.xxxxxxxxxx.com:587

(domain name changed)

And the error in /var/log/graylog-server/server.log is:

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:1.8.0_121]
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:1.8.0_121]
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_121]
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[?:1.8.0_121]
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:1.8.0_121]
	at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_121]
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_121]
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[?:1.8.0_121]
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[?:1.8.0_121]
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496) ~[?:1.8.0_121]
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_121]
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:1.8.0_121]
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) ~[?:1.8.0_121]
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[?:1.8.0_121]
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_121]
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_121]
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:1.8.0_121]
	at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:543) ~[graylog.jar:?]
	at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:480) ~[graylog.jar:?]
	at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1994) ~[graylog.jar:?]
	at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:709) ~[graylog.jar:?]
	at javax.mail.Service.connect(Service.java:386) ~[graylog.jar:?]
	at javax.mail.Service.connect(Service.java:245) ~[graylog.jar:?]
	at javax.mail.Service.connect(Service.java:194) ~[graylog.jar:?]
	at javax.mail.Transport.send0(Transport.java:253) ~[graylog.jar:?]
	at javax.mail.Transport.send(Transport.java:124) ~[graylog.jar:?]
	at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1411) ~[graylog.jar:?]
	... 33 more

Another message at Graylog website:

An error occurred while trying to send an email! (triggered an hour ago)
The Graylog server encountered an error while trying to send an email. This is the detailed error message: org.apache.commons.mail.EmailException: Sending the email to the following server failed : correo.xxxxxxxxx.com:587 (javax.mail.MessagingException: Could not convert socket to TLS; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target)


(Jochen) #2

The error message you’ve posted is usually a sign that the certificate used in the TLS connection is either self-signed or that the certificate authority (CA) isn’t known to Java, that the CA is not included in your JVM’s trust store.

Please refer to the following article for one possible solution: http://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/


(system) #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.