I'm still having a problem with this. I've gone ahead and purchased and configured SSL to work on the server. I've made sure that the ssl certs are in the java key store. The ssl and mail server work perfectly with the rest of the applications (all of which run on the same server but under apache). Dspace runs on tomcat but uses the mod_jk connector to interact with apache. I've tried every configuration I can think of in my dspace.cfg mail section. The two main configurations that I think should work are also detailed below. My dspace version is 1.5.2 Despite all of this I continue to receive the error below.
Any suggestions would be greatly appreciated. I've been dealing with this issue for a very long time and am under pressure to get it fixed. Config1: ##### Email settings ###### # SMTP mail server mail.server=domain.org # SMTP mail server authentication username and password (if required) mail.server.username = m...@domain.org mail.server.password =password # Pass extra settings to the Java mail library. Comma separated, equals sign between # the key and the value. mail.extraproperties = mail.smtp.socketFactory.port=465, \ mail.smtp.socketFactory.class=javax.net.ssl.SSLSocketFactory, \ mail.smtp.socketFactory.fallback=false mail.server.port = 465 ######################### Config2: ##### Email settings ###### # SMTP mail server mail.server=domain.org # SMTP mail server authentication username and password (if required) mail.server.username = m...@domain.org mail.server.password =password mail.server.port = 465 ######################### Error: javax.mail.MessagingException: Exception reading response; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:1462) at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1260) at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:370) at javax.mail.Service.connect(Service.java:297) at javax.mail.Service.connect(Service.java:156) at javax.mail.Service.connect(Service.java:105) at javax.mail.Transport.send0(Transport.java:168) at javax.mail.Transport.send(Transport.java:98) at org.dspace.core.Email.send(Email.java:362) at org.dspace.eperson.AccountManager.sendEmail(AccountManager.java:296) at org.dspace.eperson.AccountManager.sendInfo(AccountManager.java:256) at org.dspace.eperson.AccountManager.sendRegistrationInfo(AccountManager.java:101) at org.dspace.app.webui.servlet.RegisterServlet.processEnterEmail(RegisterServlet.java:287) at org.dspace.app.webui.servlet.RegisterServlet.doDSPost(RegisterServlet.java:202) at org.dspace.app.webui.servlet.DSpaceServlet.processRequest(DSpaceServlet.java:147) at org.dspace.app.webui.servlet.DSpaceServlet.doPost(DSpaceServlet.java:105) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:769) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:698) at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:891) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690) at java.lang.Thread.run(Thread.java:619) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:744) at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75) at com.sun.mail.util.TraceInputStream.read(TraceInputStream.java:97) at java.io.BufferedInputStream.fill(BufferedInputStream.java:218) at java.io.BufferedInputStream.read(BufferedInputStream.java:237) at com.sun.mail.util.LineInputStream.readLine(LineInputStream.java:75) at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:1440) ... 32 more Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:251) at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:234) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:148) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014) ... 44 more Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:195) at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250) at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:246) ... 51 more On Thu, May 6, 2010 at 11:28 AM, bryce ray <bryceray1...@gmail.com> wrote: > Is it possible to set this up to not use SSL? What configuration settings > do I need to change? > When I changed the port of the mail configuration from 465 to 25 I > continued to get the same SSL problem. I never really intended to connect > to the mail server through SSL it seems to be attempting to do so on its own > or through some configuration setting I'm not aware of. > > Thanks for your help. > > On Wed, May 5, 2010 at 8:32 PM, Mark H. Wood <mw...@iupui.edu> wrote: > >> Do you also have a copy of the certificate used by your cert. vendor >> to sign your server's certificate, and so on up to the selfsigned root >> CA certificate? It looks like it is unable to build the complete trust >> path. >> >> Browsers and suchlike may come packed with big bundles of CA >> certificates that most users just blindly trust, but a JKS truststore >> is created empty -- annoying, but it's for a good reason. Common >> practice is for a program asserting identity via certificate to >> provide the entire chain up to the root. To do that, you need to >> install those higher-level certificates. >> >> Your CA probably has a page that provides its signing cert., as well >> as their root cert. if they use the common practice of separating the >> two functions. (Notice I didn't say the page will be easy to find.)-: >> >> -- >> Mark H. Wood, Lead System Programmer mw...@iupui.edu >> Balance your desire for bells and whistles with the reality that only a >> little more than 2 percent of world population has broadband. >> -- Ledford and Tyler, _Google Analytics 2.0_ >> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> DSpace-tech mailing list >> DSpace-tech@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/dspace-tech >> >> >
------------------------------------------------------------------------------
_______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech