Re: [Dspace-tech] Email Setup Difficulties

[bryce ray]

I'm still having a problem with this.  I've gone ahead and purchased and
configured SSL to work on the server.  I've made sure that the ssl certs are
in the java key store.  The ssl and mail server work perfectly with the rest
of the applications (all of which run on the same server but under apache).
Dspace runs on tomcat but uses the mod_jk connector to interact with
apache.  I've tried every configuration I can think of in my dspace.cfg mail
section.  The two main configurations that I think should work are also
detailed below.  My dspace version is 1.5.2  Despite all of this I continue
to receive the error below.

Any suggestions would be greatly appreciated.  I've been dealing with this
issue for a very long time and am under pressure to get it fixed.

Config1:
##### Email settings ######
# SMTP mail server
mail.server=domain.org

# SMTP mail server authentication username and password (if required)
mail.server.username = m...@domain.org
mail.server.password =password

# Pass extra settings to the Java mail library. Comma separated, equals sign
between
# the key and the value.
mail.extraproperties = mail.smtp.socketFactory.port=465, \
          mail.smtp.socketFactory.class=javax.net.ssl.SSLSocketFactory, \
         mail.smtp.socketFactory.fallback=false

mail.server.port = 465
#########################

Config2:
##### Email settings ######
# SMTP mail server
mail.server=domain.org

# SMTP mail server authentication username and password (if required)
mail.server.username = m...@domain.org
mail.server.password =password

mail.server.port = 465
#########################

Error:
javax.mail.MessagingException: Exception reading response;
  nested exception is:
        javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: Path does not chain with any
of the trust anchors
        at
com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:1462)
        at
com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1260)
        at
com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:370)
        at javax.mail.Service.connect(Service.java:297)
        at javax.mail.Service.connect(Service.java:156)
        at javax.mail.Service.connect(Service.java:105)
        at javax.mail.Transport.send0(Transport.java:168)
        at javax.mail.Transport.send(Transport.java:98)
        at org.dspace.core.Email.send(Email.java:362)
        at
org.dspace.eperson.AccountManager.sendEmail(AccountManager.java:296)
        at
org.dspace.eperson.AccountManager.sendInfo(AccountManager.java:256)
        at
org.dspace.eperson.AccountManager.sendRegistrationInfo(AccountManager.java:101)
        at
org.dspace.app.webui.servlet.RegisterServlet.processEnterEmail(RegisterServlet.java:287)
        at
org.dspace.app.webui.servlet.RegisterServlet.doDSPost(RegisterServlet.java:202)
        at
org.dspace.app.webui.servlet.DSpaceServlet.processRequest(DSpaceServlet.java:147)
        at
org.dspace.app.webui.servlet.DSpaceServlet.doPost(DSpaceServlet.java:105)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
        at
org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:190)
        at
org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:769)
        at
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:698)
        at
org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:891)
        at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:690)
        at java.lang.Thread.run(Thread.java:619)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: Path does not chain with any
of the trust anchors
  at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
        at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
        at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
        at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
        at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
        at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
        at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:744)
        at
com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
        at com.sun.mail.util.TraceInputStream.read(TraceInputStream.java:97)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:237)
        at
com.sun.mail.util.LineInputStream.readLine(LineInputStream.java:75)
        at
com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:1440)
        ... 32 more
Caused by: sun.security.validator.ValidatorException: PKIX path validation
failed: java.security.cert.CertPathValidatorException: Path does not chain
with any of the trust anchors
        at
sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:251)
        at
sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:234)
        at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:148)
        at sun.security.validator.Validator.validate(Validator.java:218)
        at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
        at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
        at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
        at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
        ... 44 more
Caused by: java.security.cert.CertPathValidatorException: Path does not
chain with any of the trust anchors
        at
sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:195)
        at
java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
        at
sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:246)
        ... 51 more


On Thu, May 6, 2010 at 11:28 AM, bryce ray <bryceray1...@gmail.com> wrote:

> Is it possible to set this up to not use SSL? What configuration settings
> do I need to change?
> When I changed the port of the mail configuration from 465 to 25 I
> continued to get the same SSL problem.  I never really intended to connect
> to the mail server through SSL it seems to be attempting to do so on its own
> or through some configuration setting I'm not aware of.
>
> Thanks for your help.
>
> On Wed, May 5, 2010 at 8:32 PM, Mark H. Wood <mw...@iupui.edu> wrote:
>
>> Do you also have a copy of the certificate used by your cert. vendor
>> to sign your server's certificate, and so on up to the selfsigned root
>> CA certificate?  It looks like it is unable to build the complete trust
>> path.
>>
>> Browsers and suchlike may come packed with big bundles of CA
>> certificates that most users just blindly trust, but a JKS truststore
>> is created empty -- annoying, but it's for a good reason.  Common
>> practice is for a program asserting identity via certificate to
>> provide the entire chain up to the root.  To do that, you need to
>> install those higher-level certificates.
>>
>> Your CA probably has a page that provides its signing cert., as well
>> as their root cert. if they use the common practice of separating the
>> two functions.  (Notice I didn't say the page will be easy to find.)-:
>>
>> --
>> Mark H. Wood, Lead System Programmer   mw...@iupui.edu
>> Balance your desire for bells and whistles with the reality that only a
>> little more than 2 percent of world population has broadband.
>>        -- Ledford and Tyler, _Google Analytics 2.0_
>>
>>
>> ------------------------------------------------------------------------------
>>
>> _______________________________________________
>> DSpace-tech mailing list
>> DSpace-tech@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/dspace-tech
>>
>>
>

------------------------------------------------------------------------------


_______________________________________________
DSpace-tech mailing list
DSpace-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspace-tech