
Email Stops Working After SSL or TLS Certificate Update - Can’t send commands to SMTP host

Overview

You are not able to send emails from your Jive instance. When you try to send a test email from the Admin Console, you get an error:

Sending the message failed. Please verify that your host and port settings are correct. (Message: Can’t send commands to SMTP host)

 

The logs contain the following error:

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

In the SMTP settings, you have set one of the following:

    • Use SSL - True, OR
    • Use TLS - True

This article describes the process to resolve an issue that occurs when emails from Jive are no longer being received after a recent email server security certificate update.

Prerequisites

This applies to On-Premise customers, but these steps may also be helpful when investigating hosted customers who are not using Jive-provided email servers.

Solution

  1. Use OpenSSL to find the certificate chain on the email server:
    openssl s_client -starttls smtp -crlf -connect <email server name from the last step>:<email server port>
    Note the names of all of the certificates in the chain.
  2. Check to see if the certificates are in the Jive Keystore:
    1. As the jive user, browse to ~/java/jre/bin.
    2. Use: ./keytool -list -v -keystore /usr/local/jive/java/jre/lib/security/cacerts -storepass changeit
  3. If you search the output and do not find the certificates from the previous step, they need to be imported into the Jive Keystore.
  4. Install the new certificates into the Keystore:
    1. Use: sudo su - jive
    2. Copy the .pem file(s) for each certificate that was not found to the webapp nodes; in this example, we are placing them in the /tmp folder. The certificate provider should have the .pem files available.
    3. Browse to ~/java/jre/bin.
    4. Use: ./keytool -storetype BCFKS -keystore /usr/local/jive/java/jre/lib/security/cacerts -storepass changeit -import -alias <choose a cert alias> -file /tmp/<certificate_name>.pem
  5. Restart the Web Node.
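
The comparison in steps 1 to 3 can be done by SHA-256 fingerprint instead of by reading certificate names. The following is an added example, not part of the original article or of Jive: it assumes the step 1 command was run with the extra `-showcerts` option so that each chain certificate is printed in PEM form, and all function names and sample data are constructed for illustration.

```python
import base64
import hashlib
import re

# "N s:<subject>" line of the "Certificate chain" section, then that entry's PEM block.
CHAIN_ENTRY = re.compile(
    r"^\s*\d+ s:([^\n]*)\n.*?-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
    re.M | re.S)
# "SHA256: AA:BB:..." line that keytool -list -v prints for each keystore entry.
KEYTOOL_SHA256 = re.compile(r"SHA256:\s*((?:[0-9A-Fa-f]{2}:){31}[0-9A-Fa-f]{2})")

def chain_fingerprints(s_client_output):
    """Return [(subject, sha256_hex)] for each certificate the server presented."""
    result = []
    for subject, b64 in CHAIN_ENTRY.findall(s_client_output):
        der = base64.b64decode("".join(b64.split()))
        result.append((subject.strip(), hashlib.sha256(der).hexdigest().upper()))
    return result

def keystore_fingerprints(keytool_output):
    """Return the set of SHA-256 fingerprints (hex, no colons) in the listing."""
    return {fp.replace(":", "").upper() for fp in KEYTOOL_SHA256.findall(keytool_output)}

def missing_from_keystore(s_client_output, keytool_output):
    """Subjects of chain certificates whose fingerprint is absent from the keystore."""
    known = keystore_fingerprints(keytool_output)
    return [subj for subj, fp in chain_fingerprints(s_client_output) if fp not in known]

# --- Constructed sample data: placeholder bytes, not real certificates ---
def pem_block(der):
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"

def keytool_entry(alias, der):
    hexfp = hashlib.sha256(der).hexdigest().upper()
    colons = ":".join(hexfp[i:i + 2] for i in range(0, 64, 2))
    return f"Alias name: {alias}\nCertificate fingerprints:\n\t SHA256: {colons}\n\n"

LEAF, NEW_CA, OLD_CA = b"constructed leaf", b"constructed new CA", b"constructed old CA"
SAMPLE_S_CLIENT = ("CONNECTED(00000003)\n---\nCertificate chain\n"
                   " 0 s:CN = mail.example.test\n   i:CN = Example Issuing CA 2\n" + pem_block(LEAF) +
                   " 1 s:CN = Example Issuing CA 2\n   i:CN = Example Root CA\n" + pem_block(NEW_CA) +
                   "---\nServer certificate\n" + pem_block(LEAF) + "subject=CN = mail.example.test\n")
SAMPLE_KEYTOOL = keytool_entry("example-issuing-ca-1", OLD_CA)

if __name__ == "__main__":
    for subject in missing_from_keystore(SAMPLE_S_CLIENT, SAMPLE_KEYTOOL):
        print("not in keystore:", subject)
```

To use it on a real node, save the output of the two commands to files and pass their contents to `missing_from_keystore` in place of the constructed samples.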

Testing

Once installed on the webapp nodes, test the email connection:

  1. Log in to the Admin Console.
  2. Navigate to System > Settings > Email and verify that the connection is now working.
  1. Priyanka Bhotika
