On Tue, May 07, 2013 at 12:15:45PM +0530, Divya Gandhi wrote: > I was trying to configure my gmail account as admin. my dspace.cfg looks > like this: > > # SMTP mail server > mail.server = smtp.gmail.com > > # SMTP mail server authentication username and password (if required) > mail.server.username = [email protected] > mail.server.password = password.of.my.gmail.ac > > # SMTP mail server alternate port (defaults to 25) > mail.server.port = 465 > > # Recipient for new user registration emails > registration.notify = [email protected] > mail.charset = UTF-8 > > mail.allowed.referrers = localhost > mail.extraproperties = mail.smtp.socketFactory.port=465, \ > mail.smtp.socketFactory.class=javax.net.ssl.SSLSocketFactory, \ > mail.smtp.socketFactory.fallback=false > mail.server.disabled = false > default.language = en_US > > But whenever a new user registers, there is an error and my log file reads > like this: > > 2013-05-07 11:53:48,171 INFO org.dspace.app.webui.servlet.RegisterServlet > @ anonymous:session_id=AB658FFDEB01EB592D20F56C8ACA1953:ip_addr=127.0.0.1: > error_emailing:[email protected] > *javax.mail.MessagingException*: Exception reading response; > nested exception is: > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to find ^^^^^^^^^^^^^^ > valid certification path to requested target ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
SSL is trying to validate Gmail's certificate, but it doesn't have a
trusted root certificate to chain back to, probably because you
haven't told it to trust anything. Unlike most web browsers, Java's
SSL code correctly comes with NO certificates installed, so until you
take action, it trusts no one.
It isn't immediately obvious where to get information from Google
about the certificates Gmail will present, so I tried this:
$ openssl s_client -connect smtp.gmail.com:465
CONNECTED(00000003)
depth=1 C = US, O = Google Inc, CN = Google Internet Authority
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
i:/C=US/O=Google Inc/CN=Google Internet Authority
1 s:/C=US/O=Google Inc/CN=Google Internet Authority
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
So: you need to either disable certificate validation (not
recommended), or provide a trust store containing at least a
certificate for "/C=US/O=Equifax/OU=Equifax Secure Certificate Authority".
You should be able to get that cert. from Equifax's web site if you don't
have a copy already.
[check]
Actually, it seems that Equifax roots are now held by GeoTrust.
http://www.geotrust.com/resources/root-certificates/
Use the Java 'keytool' to create key/certificate/trust stores.
I think you should be able to use dspace.cfg:mail.extraproperties to
point to your trust store:
mail.extraproperties = javax.net.ssl.trustStore=/path/to/trust/store
> I read online about *javax.mail.MessagingException* and I read about the
> following possibilities:
> 1. port 465 is closed. (I ran netsat -a to find the used ports but it was
> not listed there)
No, you'd need to verify that port 465 is open at the mail server's
host, which in this case is smtp.gmail.com. As you can see from my
certificate check above, it is.
> 2. missing jar files in WEB-INF/lib. I downloaded the jar
> files<http://www.oracle.com/technetwork/java/javamail/index-138643.html>and
> put them in tomcat webapps/jspui/WEB-INF/lib
That is not the problem here, because javamail made a connection to
Gmail so clearly the javamail JAR is present.
--
Mark H. Wood, Lead System Programmer [email protected]
Machines should not be friendly. Machines should be obedient.
signature.asc
Description: Digital signature
------------------------------------------------------------------------------ Learn Graph Databases - Download FREE O'Reilly Book "Graph Databases" is the definitive new guide to graph databases and their applications. This 200-page book is written by three acclaimed leaders in the field. The early access version is available now. Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________ DSpace-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/dspace-tech List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette
