Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

E-mail problem with Office365 configuration

Questions
Tags
Users
Badges
LUIZ DE ALMEIDA
(23016493) Apr 26 '17, 1:48 p.m.

Hello there,


In my company we're using Office365 as our e-mail server. In JTS we're using the following configuration:
SMTP server: smtp.office365.com
SMTP Port: 587
STARTTLS: true

When I try to send a test e-mail, the following error is showed:

Can't send command to SMTP host; nested exception is: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is: java.security.cert.CertPathValidatorException: The certificate issued by CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US is not trusted; internal cause is: java.security.cert.CertPathValidatorException: Certificate chaining error

Does anybody had this problem?

Any idea? tips?

Since now, thanks.

0 votes

1 answer
3,804 views
0 votes

Accepted answer

Permanent link
LUIZ DE ALMEIDA
(23016493) edited
May 03 '17, 10:30 a.m.

I solved the problem with these steps:


1) I got the correct certificate from the smtp server with this command: 

openssl s_client -connect smtp.office365.com:587 -starttls smtp -showcerts | openssl x509 -outform PEM -out cert_smtp_office365.crt
2) I added the certificate in WAS in the page "Security > SSL certificate and key management > key store and certificate > CellDefaultTrustStore".

3) I restarted the DMGR and nodeagents.

It worked.

Ralph Schoon selected this answer as the correct answer

0 votes

Comments
Robert Carter
Jul 14 '17, 10:00 a.m.

This is still not working for me.  I used the command above to extract the certificate.  Since I am using WebSphere Liberty I imported the certificate into the certificate store for Liberty here:

C:\IBM\CLM604\server\jre\lib\security\cacerts


I verified the cert was there.  Is there a different place this should be imported?

I am still getting the error:
Unable to convert connection to SSL (javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: PKIXCertPathBuilderImpl could not build a valid CertPath.)

Robert Carter
Jul 14 '17, 10:38 a.m.

 It is working now.  I found the correct certificate store here:

C:\IBM\CLM604\server\liberty\servers\clm\resources\security\ibm-team-ssl.keystore

This is also defined in the default keystore setting in the server.xml file located:
C:\IBM\CLM604\server\liberty\servers\clm


Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details

Question asked: Apr 26 '17, 1:48 p.m.

Question was seen: 3,804 times

Last updated: Jul 14 '17, 10:38 a.m.

Confirmation Cancel Confirm