So, this is a Linux box. Let’s run down the list of usual suspects:
File does not exist
File permissions are wrong
Directory structure permissions are wrong
File ownership is wrong
File is in the wrong format
Code issue
Now, the first three or four items in the list are where things go wrong
most often. If James is running as the root user, the ownership of the file
and/or folder should not be an issue. If, however, you have any concept of
security and run James as a limited user, you need to check the permissions
and ownership of the keystone and its location. I would also check to see
if the file name matches EXACTLY what is in the path. I mean no disrespect,
but I don’t know how long you have used Linux and newbies often don’t
realize that the filenames ‘bob’, ‘Bob’, ‘BOB’ and ‘BoB’ are all different
in Linux, whereas in Windows, the OS treats them all as the same filename.
Typically, cacerts should be owned by root and have a - don’t quote me on
this - 600 or 640 permission (either rw———- or rw-r——-). That means that
they are read-write by the owners and MIGHT be readable by the group, but
not by others. The directory path needs to be 755 (rwxr-x-r-x)at least to
allow you to read and execute commands. Not having it at that permission
level will make it hard for James to access the file.
I know that this may seem offensive if you ‘know’ Linux, but I have been
using Linux at home since 1996 and professionally since about 2006 (not
counting my student job in college). I still make these boneheaded mistakes
from time to time and feel like a dumbass every time. It’s no shame to be
human and make simple mistakes - or at least it shouldn’t be. The worst
that can happen is people point at you and shake their heads calling you a
dumbass, knowing full well they have and likely will make the same mistake
at some point.
On Mon, Jun 28, 2021 at 9:23 AM Amlan Sengupta
<amlan.sengu...@db.com.invalid> wrote:
> Hello,
>
> I am running into a weird problem with James 3.5.0. I am trying to enable
> the following but it fails to load the cacerts-test. I have confirmed the
> file exist and the secret is correct. I also hardcoded the values of the
> secret but startTLS="true"> to no vail.
>
>
>
>
> <tls socketTLS="false" startTLS="true">
>
> <!-- To create a new keystore execute:
>
> keytool -genkey -alias james -keyalg RSA -keystore
> /path/to/james/conf/keystore
>
> -->
>
>
> <keystore>/opt/db/jdk/11/${env:JDK}/lib/security/cacerts-test</keystore>
>
> <secret>xxxxxxx</secret>
>
>
> <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider>
>
> <!-- The algorithm is optional and only needs to be specified when
> using something other
>
> than the Sun JCE provider - You could use IbmX509 with IBM Java
> runtime. -->
>
> <algorithm>SunX509</algorithm>
>
> </tls>
>
>
>
> I keep getting :
>
> jvm 1 | org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'smtpserver': Invocation of init method failed;
> nested exception is java.io.FileNotFoundException: Could not load file
> /opt/db/jdk/11/jdk11.0.9/lib/security/cacerts-test
>
>
>
> jvm 1 | Caused by: java.io.FileNotFoundException: Could not load file
> /opt/db/jdk/11/jdk11.0.9/lib/security/cacerts-test
>
>
>
> Any suggestions or anyone else seen this ? Amlan
>
>
> ---
> This e-mail may contain confidential and/or privileged information. If you
> are not the intended recipient (or have received this e-mail in error)
> please notify the sender immediately and delete this e-mail. Any
> unauthorized copying, disclosure or distribution of the material in this
> e-mail is strictly forbidden.
>
> Please refer to https://www.db.com/disclosures for additional EU
> corporate and regulatory disclosures and to
> http://www.db.com/unitedkingdom/content/privacy.htm for information about
> privacy.
>
