Mail action self signed certificate

add-ons
Tags: #<Tag:0x00007f1e5768e710>
(Elser Marc) #1

I’m trying to use the mail action with an internal server that has a self-signed SSL certificate.

I already updated that java version to

~$ java -version
java version "1.8.0_171"
Java(TM) SE Runtime Environment (build 1.8.0_171-b11)
Java HotSpot(TM) Client VM (build 25.171-b11, mixed mode)

I also tried converting my .crt file (which is the only thing I have) to a der file with
openssl x509 -outform der -in imapd.pem -out imapd.der

Then I installed it to with:
sudo keytool -import -alias nuctux_imap -keystore cacerts -file imapd.der
and got the following output

Enter keystore password:
Re-enter new password:
Owner: EMAILADDRESS=marc@shadowsrealm.ch, CN=imap.shadowsrealm.ch, OU=Automatically-generated IMAP SSL key, O=Courier Mail Server, L=Zuerich, ST=ZH, C=CH
Issuer: EMAILADDRESS=marc@shadowsrealm.ch, CN=imap.shadowsrealm.ch, OU=Automatically-generated IMAP SSL key, O=Courier Mail Server, L=Zuerich, ST=ZH, C=CH
Serial number: 8a5cd85e58ab9a8a
Valid from: Sun Oct 23 23:15:09 CEST 2005 until: Wed Mar 09 22:15:09 CET 2033
Certificate fingerprints:
         MD5:  7A:E1:7E:DE:B6:27:FD:A7:7C:91:16:A2:1D:35:DB:FA
         SHA1: 57:0A:58:6C:8A:92:46:57:EB:BA:B0:80:96:2D:EE:97:4E:B8:7B:8E
         SHA256: 41:20:00:47:48:9B:72:EE:1E:37:95:83:C1:AA:A4:99:A4:EE:C9:02:04:6B:1A:DB:B5:EC:60:30:8F:FE:DE:07
         Signature algorithm name: MD5withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   SSL server
]

Trust this certificate? [no]:  yes
Certificate was added to keystore

The only thing which puzzled me here that it was asking for a new passwort (as I had to re-enter it, see 2nd line)

Then I also added as trusted certificate like this:
sudo keytool -import -alias nuctux_imap -trustcacerts -file imapd.der

Again I was prompted to enter a new password.

So maybe java is not using this keystores as they are not the default ones?

However despite all my effort trying to use tls or ssl with the mail action outputs the following error:

org.apache.commons.mail.EmailException: Sending the email to the following server failed : imap.shadowsrealm.ch:25
	at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1421) ~[?:?]
	at org.apache.commons.mail.Email.send(Email.java:1448) ~[?:?]
	at org.openhab.action.mail.internal.Mail.sendMail(Mail.java:157) ~[?:?]
	at org.openhab.action.mail.internal.Mail.sendMail(Mail.java:89) ~[?:?]
	at org.openhab.action.mail.internal.Mail.sendMail(Mail.java:67) ~[?:?]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:498) ~[?:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.invokeOperation(XbaseInterpreter.java:1085) ~[?:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.invokeOperation(XbaseInterpreter.java:1060) ~[?:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._invokeFeature(XbaseInterpreter.java:1046) ~[?:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.invokeFeature(XbaseInterpreter.java:991) ~[?:?]
	at org.eclipse.smarthome.model.script.interpreter.ScriptInterpreter.invokeFeature(ScriptInterpreter.java:141) ~[?:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._doEvaluate(XbaseInterpreter.java:901) ~[?:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._doEvaluate(XbaseInterpreter.java:864) ~[?:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.doEvaluate(XbaseInterpreter.java:223) ~[?:?]
	at org.eclipse.smarthome.model.script.interpreter.ScriptInterpreter.doEvaluate(ScriptInterpreter.java:215) ~[?:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.internalEvaluate(XbaseInterpreter.java:203) ~[?:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter._doEvaluate(XbaseInterpreter.java:446) ~[?:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.doEvaluate(XbaseInterpreter.java:227) ~[?:?]
	at org.eclipse.smarthome.model.script.interpreter.ScriptInterpreter.doEvaluate(ScriptInterpreter.java:215) ~[?:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.internalEvaluate(XbaseInterpreter.java:203) ~[?:?]
	at org.eclipse.xtext.xbase.interpreter.impl.XbaseInterpreter.evaluate(XbaseInterpreter.java:189) ~[?:?]
	at org.eclipse.smarthome.model.script.runtime.internal.engine.ScriptImpl.execute(ScriptImpl.java:82) ~[?:?]
	at org.eclipse.smarthome.model.rule.runtime.internal.engine.RuleEngineImpl.lambda$2(RuleEngineImpl.java:343) ~[?:?]
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:?]
	at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:?]
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) [?:?]
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [?:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:?]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:?]
	at java.lang.Thread.run(Thread.java:748) [?:?]
Caused by: javax.mail.MessagingException: Could not convert socket to TLS
	at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1918) ~[30:javax.mail:1.4.5]
	at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:652) ~[30:javax.mail:1.4.5]
	at javax.mail.Service.connect(Service.java:317) ~[30:javax.mail:1.4.5]
	at javax.mail.Service.connect(Service.java:176) ~[30:javax.mail:1.4.5]
	at javax.mail.Service.connect(Service.java:125) ~[30:javax.mail:1.4.5]
	at javax.mail.Transport.send0(Transport.java:194) ~[30:javax.mail:1.4.5]
	at javax.mail.Transport.send(Transport.java:124) ~[30:javax.mail:1.4.5]
	at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1411) ~[?:?]
	... 32 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:?]
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964) ~[?:?]
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328) ~[?:?]
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322) ~[?:?]
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614) ~[?:?]
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[?:?]
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) ~[?:?]
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) ~[?:?]
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) ~[?:?]
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) ~[?:?]
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) ~[?:?]
	at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:548) ~[30:javax.mail:1.4.5]
	at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:485) ~[30:javax.mail:1.4.5]
	at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1913) ~[30:javax.mail:1.4.5]
	at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:652) ~[30:javax.mail:1.4.5]
	at javax.mail.Service.connect(Service.java:317) ~[30:javax.mail:1.4.5]
	at javax.mail.Service.connect(Service.java:176) ~[30:javax.mail:1.4.5]
	at javax.mail.Service.connect(Service.java:125) ~[30:javax.mail:1.4.5]
	at javax.mail.Transport.send0(Transport.java:194) ~[30:javax.mail:1.4.5]
	at javax.mail.Transport.send(Transport.java:124) ~[30:javax.mail:1.4.5]
	at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1411) ~[?:?]
	... 32 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[?:?]
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[?:?]
	at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:?]
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[?:?]
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[?:?]
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596) ~[?:?]
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[?:?]
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) ~[?:?]
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) ~[?:?]
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) ~[?:?]
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) ~[?:?]
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) ~[?:?]
	at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:548) ~[30:javax.mail:1.4.5]
	at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:485) ~[30:javax.mail:1.4.5]
	at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1913) ~[30:javax.mail:1.4.5]
	at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:652) ~[30:javax.mail:1.4.5]
	at javax.mail.Service.connect(Service.java:317) ~[30:javax.mail:1.4.5]
	at javax.mail.Service.connect(Service.java:176) ~[30:javax.mail:1.4.5]
	at javax.mail.Service.connect(Service.java:125) ~[30:javax.mail:1.4.5]
	at javax.mail.Transport.send0(Transport.java:194) ~[30:javax.mail:1.4.5]
	at javax.mail.Transport.send(Transport.java:124) ~[30:javax.mail:1.4.5]
	at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1411) ~[?:?]
	... 32 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?]
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?]
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:?]
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) ~[?:?]
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[?:?]
	at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:?]
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[?:?]
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[?:?]
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596) ~[?:?]
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[?:?]
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) ~[?:?]
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) ~[?:?]
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) ~[?:?]
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) ~[?:?]
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) ~[?:?]
	at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:548) ~[30:javax.mail:1.4.5]
	at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:485) ~[30:javax.mail:1.4.5]
	at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1913) ~[30:javax.mail:1.4.5]
	at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:652) ~[30:javax.mail:1.4.5]
	at javax.mail.Service.connect(Service.java:317) ~[30:javax.mail:1.4.5]
	at javax.mail.Service.connect(Service.java:176) ~[30:javax.mail:1.4.5]
	at javax.mail.Service.connect(Service.java:125) ~[30:javax.mail:1.4.5]
	at javax.mail.Transport.send0(Transport.java:194) ~[30:javax.mail:1.4.5]
	at javax.mail.Transport.send(Transport.java:124) ~[30:javax.mail:1.4.5]
	at org.apache.commons.mail.Email.sendMimeMessage(Email.java:1411) ~[?:?]
	... 32 more

Any help is greatly appreciated as this drives me totally crazy and it seems others too (see the post about not accepting letsencrypt ssl keys which also doesn’t have a solution). I really hope a solution can be presented here for everyone having the same problems or modify the mail action to not verify the certificate something like “certificatevalidity=false” but I have absolutely zero java programming knowledge to accomplish a task like this.

0 Likes

(Vincent Regaud) #2

I am not expert but I think you need to add a certificate to the OH java config.
I did that for MQTT a while ago:

0 Likes

(Mark Ford) #3

Mail action is the assign the self-certificate in the internal server of the Java.you can use the Roadrunner Email. For instant support related to Roadrunner Email, please contact Reset Roadrunner Password for the best solution.

0 Likes