1

I have referred to almost every question on this topic on SO but none of the answers gave me a break-through unfortunately.

I am using EWS1.2 and running the following code from within eclipse to connect to our exchange server to send a test email. Please see inline comments as to what I understand that the code is doing.

ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2007_SP1);

/* Our company email id and windows password. We never had to enter a password for outlook. 
I guess it is using LDAP authentication. In our outlook it is set to Negotiate Authentication. */
ExchangeCredentials credentials = new WebCredentials("123.abc@xyz.com", "MyWinPassword");
service.setCredentials(credentials);

/* Our proxy server's ip address and port. I am not sure if our exchange server is only accessible through a proxy
but this statement stopped a "connection refused" error that I was getting earlier */
WebProxy webProxy = new WebProxy("our_proxy_ip", 8080);
webProxy.setCredentials("my_win7_user_id", "MyWinPassword", "OurDomain");
service.setWebProxy(webProxy);

try {
service.setUrl(new URI("https://exchange_ip/ews/Exchange.asmx"));

/* Autodiscovery never worked: The Autodiscover service couldn't be located. */
// service.autodiscoverUrl("123.abc@xyz.com");
} catch (URISyntaxException e) {
e.printStackTrace();
}

EmailMessage msg;
try {
msg = new EmailMessage(service);
msg.setSubject("Test Email");
msg.setBody(MessageBody.getMessageBodyFromText("Sent using the EWS API"));
msg.getToRecipients().add("123.abc@xyz.com");
msg.send(); /* This is where we get an exception */
} catch (Exception e) {
e.printStackTrace();
}

which results in the below trace:

microsoft.exchange.webservices.data.ServiceRequestException: The request failed. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at microsoft.exchange.webservices.data.ServiceRequestBase.getEwsHttpWebResponse(Unknown Source)
    at microsoft.exchange.webservices.data.ServiceRequestBase.validateAndEmitRequest(Unknown Source)
    at microsoft.exchange.webservices.data.SimpleServiceRequestBase.internalExecute(Unknown Source)
    at microsoft.exchange.webservices.data.MultiResponseServiceRequest.execute(Unknown Source)
    at microsoft.exchange.webservices.data.ExchangeService.internalCreateItems(Unknown Source)
    at microsoft.exchange.webservices.data.ExchangeService.createItem(Unknown Source)
    at microsoft.exchange.webservices.data.Item.internalCreate(Unknown Source)
    at microsoft.exchange.webservices.data.EmailMessage.internalSend(Unknown Source)
    at microsoft.exchange.webservices.data.EmailMessage.send(Unknown Source)
    at com.ashok.calsync.Sync.testMethod(Sync.java:39)
    at com.ashok.calsync.Sync.main(Sync.java:12)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    ... 11 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    ... 28 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
    ... 34 more

I had exported the certificate used by Outlook to a .cer file and imported to cacerts using keytool.

keytool -import -file D:\Ashok\myOutlookCert1.cer -keystore cacerts -alias myOutlookCert1

The Run configuration in eclipse includes the following under VM Arguments

-Djavax.net.debug=all -Djavax.net.ssl.keyStore="C:\java_jdk\1.6.0_30\jre\lib\security\cacerts" -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.trustStore="C:\java_jdk\1.6.0_30\jre\lib\security\cacerts" -Djavax.net.ssl.trustStorePassword=changeit

and the certificate is visible in the debug trace

adding as trusted cert: Subject: CN=123.abc, CN=S, CN=A, CN=OurDomain, CN=XYZ, CN=pki, DC=xyz, DC=com Issuer: CN=XYZ-CA1-FR, CN=PKI, DC=XYZ, DC=com Algorithm: RSA; Serial number: 0x43559d09
Valid from Tue Jun 19 13:31:28 IST 2012 until Fri Jun 19 14:01:28 IST 2015

After all these, the exception suggests that the certificate is not found. The questions here are:

  1. How do we confirm that the certificate I imported to cacerts is the one the Server is looking for?
  2. I had exported the certificate from Outlook's Trust Centre (from within Email Security section). Is this the right certificate for connecting to the Exchange Server?

Many thanks in advance for any help.

Regards,
Ashok

JasonMArcher
  • 14,195
  • 22
  • 56
  • 52
Ashok
  • 435
  • 1
  • 4
  • 16

0 Answers0