I am getting the following error when I try to connect to Yahoo

pop3s. plus.mail.pop.yahoo.com:995

error while connecting to pop3 mail server javax.mail.MessagingException: Connect failed;
nested exception is:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I have already tried adding the certificate into JAVA_Home/jre/lib/security. Also, when I run the same code directly from the command line with java/javac, it works. But from Tomcat it does not work.

Also: the code I am using has been working for the last two years on the same server. Recently we migrated from a dedicated server to a cloud-based server. Backspace is the vendor where we have deployed the code.

Thanks in advance! Vivek Agrawal

Aniket Kulkarni
vivek agrawal

1 Answer


The most probable cause of this is that the system is unable to locate a valid certificate because, in your migration, something related to the keystore was not properly set.

Review your configuration file $CATALINA_BASE/conf/server.xml and check whether the path to the correct keystore is set under the Connector tag. If you are using JSSE, look for this in that file:

<!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
<Connector 
           port="8443" maxThreads="200"
           scheme="https" secure="true" SSLEnabled="true"
           keystoreFile="${user.home}/.keystore" keystorePass="changeit"
           clientAuth="false" sslProtocol="TLS"/>

Your keystoreFile has to be set to the correct path so that your application can validate and resolve a certification path in a request (the keystorePass has to be correct too, indeed).

If you have another configuration (APR or something), look at the documentation at http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

Hope this helps, Cheers!!

Francisco Hernandez
  • Thank you for the quick response. Is the connector tag you mentioned for outgoing connections or incoming connections? – vivek agrawal Dec 17 '12 at 10:04
  • Here I am trying to use the JavaMail API to connect to the Yahoo POP3 server. Will the connector tag changes help me? FYI, currently that connector tag is commented out. Also, it was working fine before, when that tag was commented out. – vivek agrawal Dec 17 '12 at 10:06
  • If in the previous installation and configuration the connector tag was commented out, then leave it commented out too... Maybe your keystore is in another place; look at the catalina.sh startup file and check whether there is any java command argument that points to a valid keystore. – Francisco Hernandez Dec 17 '12 at 12:01
  • Sorry, my connection was down. As I said, look for another keystore that Java is using. The SSL handshake process is the negotiation between both parties in order to clarify whether 'you are who you say you are'. This is done with digital certificates; if the server is unable to determine who you are, a HandshakeSSLException is thrown... Your system must know the certificate for the Yahoo POP3 server, so you need to have the Yahoo certificate in a keystore. – Francisco Hernandez Dec 17 '12 at 12:04
  • Thanks, I will check the config files. Do you see any difference between the cloud server and the old dedicated servers? I am wondering if there is some issue because of the cloud server. – vivek agrawal Dec 17 '12 at 13:11
  • There are no differences... in the end it is a Tomcat server xD. Maybe on the cloud server you lose some computing power or something else (because in theory a dedicated server has to have more capacity), but only that... If your availability requirements are satisfied with the cloud server, go on; they are generally cheaper than dedicated xD. By the way, there is a third option: you can tell Java to use a keystore in code, with System.setProperty("javax.net.ssl.trustStore", "/absolute/path/to/your/keystore"); – Francisco Hernandez Dec 17 '12 at 16:36
  • Thank you. I have two servers; I was able to resolve the issue on one server. I am still facing some issue on the other. I will take some more time to figure out the issue and will contact you if required. – vivek agrawal Dec 18 '12 at 09:02