[OH3.3.0.M1/Windows] Java / SSL certificate issue

  • Platform information:
    • OS: Windows 10
    • Java Runtime Environment: Zulu11 (11.50.19 JDK 11.0.12)
    • openHAB version: 3.3.0.M1 Milestone

Dear all,
I am facing the issue that mailActions (sendmail) is not working. In TRACE logs the following error appears:

2022-02-17 13:40:12.040 [WARN ] [ab.binding.mail.internal.SMTPHandler] - Sending the email to the following server failed : smtp.gmail.com:465
2022-02-17 13:40:12.041 [WARN ] [ab.binding.mail.internal.SMTPHandler] - javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465;
  nested exception is:
	javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

It seems there is a certificate issue - whatever this means. I found some older threads in the community with respect to other bindings (CalDAV, …), so I guess it is not related to the binding itself.

I also found some blogs which describe how to copy the Gmail certificate from the OpenSSL console into the Java keystore - at least this is what I understand (e.g. here) for Windows.
Based on this blog there should be some random letters which are the certificate, but actually there is nothing like that when I execute the command. Here is what is shown for me:

C:\Users\wosch2>openssl s_client -connect smtp.gmail.com:465
CONNECTED(000001B0)
write:errno=10054
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 316 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

To be honest, I have absolutely no idea what all this stuff is… That’s why I am lost, even though some of the old threads have been solved (e.g. here). Additionally, Windows is quite rarely used compared to Linux…

P.S.: I tried to keep this post as short as possible, that’s why I reduced the general hardware/software information and did not copy my Thing’s config and rules. If any information is required, please let me know!

Hopefully there is somebody who could help me as a beginner through the next steps. Thank you!

Regards,
Sascha

I ran the openssl command on a Pi. File is attached: smtp.gmail.cert.txt (1.6 KB)
Could be that it did not run on your PC because of this: git - OpenSSL errno 10054,connection refused, whilst trying to connect to our server - Stack Overflow

I am not sure if this approach will solve your problem. As far as I understand you are going to store the ‘cert’ in a keystore. But the cert is only valid between specific dates:

Not Before: Jan 17 03:07:36 2022 GMT
Not After : Apr 11 03:07:35 2022 GMT

which means you will have to redo that again in April.

Hi Wolfgang,
the link did it! :smiley: This is - as far as I understand - exactly the issue I have. The first response explains what this exactly means and mentions two possible root causes (firewall / server config). It seems that it was indeed a firewall issue on my side, not sure what exactly the problem is / was. I shut off the firewall and mailAction was working. I then restarted the firewall and it is still working. However, I made some changes in the configuration anyway. It’s now working, so the problem seems to be solved. Thank you very much! :slight_smile:

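Added example (not part of any post in this thread): a small triage of `openssl s_client` output that separates the case shown in the first post (connection reset, zero bytes read, so "Verification: OK" verified nothing) from a real trust-store failure. The `triage` helper and the second sample are constructed for illustration; the first sample is abridged from the output posted above.

```python
import re

# Abridged from the first post in this thread (Windows, smtp.gmail.com:465).
RESET_OUTPUT = """\
CONNECTED(000001B0)
write:errno=10054
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 316 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Verify return code: 0 (ok)
"""

# Constructed sample: handshake completes, but the chain is not trusted.
UNTRUSTED_OUTPUT = """\
CONNECTED(00000003)
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:CN = mail.example.test
---
SSL handshake has read 4521 bytes and written 401 bytes
Verification error: unable to get local issuer certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Verify return code: 20 (unable to get local issuer certificate)
"""

def triage(output: str) -> dict:
    """Classify s_client output (hypothetical helper, not an openssl feature)."""
    read = re.search(r"SSL handshake has read (\d+) bytes", output)
    errno = re.search(r"errno=(\d+)", output)
    code = re.search(r"Verify return code: (\d+)", output)
    bytes_read = int(read.group(1)) if read else None
    got_cert = "no peer certificate available" not in output and bytes_read not in (None, 0)
    if not got_cert:
        # Nothing was received, so "Verify return code: 0" verified nothing.
        verdict = "transport"  # reset or blocked before the server sent a certificate
    elif code and code.group(1) != "0":
        verdict = "trust"      # chain received but not trusted by this store
    else:
        verdict = "ok"
    return {"verdict": verdict, "errno": int(errno.group(1)) if errno else None,
            "bytes_read": bytes_read, "verify_code": int(code.group(1)) if code else None}

if __name__ == "__main__":
    for name, sample in (("reset", RESET_OUTPUT), ("untrusted", UNTRUSTED_OUTPUT)):
        print(name, triage(sample))
```

A "transport" verdict (errno 10054 is the Winsock connection-reset code) points at a firewall, proxy or server-side reset, so importing a certificate into the Java keystore would not change the outcome; only a "trust" verdict calls for looking at the trust store.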