It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Guidelines | FAQ
Follow this question
Question details

×6,020
×4,304
×69

question asked: Apr 26 '17, 1:48 p.m.
question was seen: 3,464 times
last updated: Jul 14 '17, 10:38 a.m.

Related questions

E-mail problem with Office365 configuration

0
Luiz Almeida (23016091) | asked Apr 26 '17, 1:48 p.m.

Hello there,


In my company we're using Office365 as our e-mail server. In JTS we're using the following configuration:
SMTP server: smtp.office365.com
SMTP Port: 587
STARTTLS: true

When I try to send a test e-mail, the following error is showed:

Can't send command to SMTP host; nested exception is: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error

Does anybody had this problem?

Any idea? tips?

Since now, thanks.

Accepted answer

0
permanent link
Luiz Almeida (23016091) | answered May 03 '17, 10:29 a.m.
edited May 03 '17, 10:30 a.m.

I solved the problem with these steps:


1) I got the correct certificate from the smtp server with this command: 

openssl s_client -connect smtp.office365.com:587 -starttls smtp -showcerts | openssl x509 -outform PEM -out cert_smtp_office365.crt
2) I added the certificate in WAS in the page "Security > SSL certificate and key management > key store and certificate > CellDefaultTrustStore".

3) I restarted the DMGR and nodeagents.

It worked.

Ralph Schoon selected this answer as the correct answer
Comments
Robert Carter commented Jul 14 '17, 9:58 a.m. | edited Jul 14 '17, 10:00 a.m.

This is still not working for me.  I used the command above to extract the certificate.  Since I am using WebSphere Liberty I imported the certificate into the certificate store for Liberty here:

C:\IBM\CLM604\server\jre\lib\security\cacerts


I verified the cert was there.  Is there a different place this should be imported?

I am still getting the error:
Unable to convert connection to SSL (javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: PKIXCertPathBuilderImpl could not build a valid CertPath.)

Robert Carter commented Jul 14 '17, 10:38 a.m.

 It is working now.  I found the correct certificate store here:

C:\IBM\CLM604\server\liberty\servers\clm\resources\security\ibm-team-ssl.keystore

This is also defined in the default keystore setting in the server.xml file located:
C:\IBM\CLM604\server\liberty\servers\clm


Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.