J'ai cherché loin et longtemps et ne trouve pas la réponse. J'utilise Glassfish et je veux envoyer un email via notre serveur smtp.Glassfish, Java email et certificat
J'ai obtenu le certificat du serveur:
openssl s_client -connect mail.example.com:587 -starttls smtp > our.cer
J'ai nettoyé le fichier cer pour contenir uniquement les données de certificat.
J'ai importer partout:
keytool -import -alias mail.example.com -file our.cer -keystore c:\Progra~1\Java\jre7\lib\security\cacerts
keytool -import -alias mail.example.com -file our.cer -keystore c:\Progra~1\Java\JDK17~1.0_4\jre\lib\security\cacerts
keytool -import -alias mail.example.com -file our.cer -keystore c:\PROGRA~1\GLASSF~1.0\GLASSF~1\domains\domain1\config\cacerts.jks
Mais je reçois l'erreur suivante:
javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
Caused by...
...
Caused by...
...
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Mon extrait de code:
...
Properties properties = System.getProperties();
properties.put("mail.smtp.starttls.enable", "true");
properties.put("mail.smtp.host", "mail.example.com");
properties.put("mail.smtp.user", "[email protected]");
properties.put("mail.smtp.password", "some.password");
properties.put("mail.smtp.port", "587"));
properties.put("mail.smtp.auth", "true"));
properties.put("mail.smtp.from", "[email protected]"));
properties.put("mail.transport", "smtp"));
...
Authenticator mailAuthenticator = new Authenticator()
{
@Override
protected PasswordAuthentication getPasswordAuthentication()
{
return new PasswordAuthentication(properties.getProperty("mail.smtp.user"),
properties.getProperty("mail.smtp.password"));
}
};
try
{
// Get the default Session object.
Session session = Session.getDefaultInstance(properties, mailAuthenticator);
MimeMessage mimeMessage = new MimeMessage(session);
mimeMessage.setSubject("Hallo world!");
mimeMessage.setFrom(new InternetAddress(properties.getProperty("mail.smtp.from")));
mimeMessage.setRecipient(Message.RecipientType.TO, new InternetAddress("[email protected]"));
mimeMessage.setText("Some text message...");
Transport transport = session.getTransport(properties.getProperty("mail.transport"));//"smtp"
int port = Integer.parseInt(properties.getProperty("mail.smtp.port"));//587
transport.connect(properties.getProperty("mail.smtp.host"),//"mail.example.com"
port,
properties.getProperty("mail.smtp.user"),//"[email protected]"
properties.getProperty("mail.smtp.password"));//Clear text password
transport.sendMessage(mimeMessage, mimeMessage.getAllRecipients());
LOG.info("...done sending email");
}
catch (AddressException e)
{
LOG.log(Level.SEVERE, "Error while sending email", e);
}
catch (MessagingException e)
{
LOG.log(Level.SEVERE, "Error while sending email", e);
}
catch (Exception e)
{
LOG.log(Level.SEVERE, "Error while sending email", e);
}
J'ai aussi essayé d'exécuter Mkyong's suggestion InstallCert (source) contre le serveur de messagerie, mais je reçois:
javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
MISE À JOUR 1
J'ai chargé le certificat dans les endroits suivants:
keytool -import -alias mail.example.com -file our.cer -keystore c:\PROGRA~1\GLASSF~1.0\GLASSF~1\domains\domain1\config\keystore.jks
keytool -import -alias mail.example.com -file our.cer -keystore c:\GLASSFISH\config\keystore.jks
keytool -import -alias mail.example.com -file our.cer -keystore c:\GLASSFISH\config\cacerts.jks
J'ai aussi définir ces propriétés:
System.setProperty("javax.net.ssl.keyStore", "c:\\GLASSFISH\\config\\keystore.jks");
System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
System.setProperty("javax.net.ssl.trustStore", "c:\\GLASSFISH\\config\\cacerts.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
J'ai aussi activé le débogage pour SSL (console Glassfish, serveur, propriétés) javax.net.debug=ssl
.
Il fonctionne dans une application de test autonome (Java SE) mais pas dans Glassfish.
MISE À JOUR 2
Utilisation du javax.net.debug=ssl
et en examinant le journal eteint je peux voir que, même-si j'ai chargé le certificat « partout » ou si je signale Glassfish au keystore java, Glassfish manque ce certificat. L'application de test autonome l'a:
adding as trusted cert:
Subject: CN=avast! Web/Mail Shield Root, O=avast! Web/Mail Shield, OU=generated by avast! antivirus for SSL/TLS scanning
Issuer: CN=avast! Web/Mail Shield Root, O=avast! Web/Mail Shield, OU=generated by avast! antivirus for SSL/TLS scanning
Algorithm: RSA; Serial number: 0x14128fa09c50b64ba6d5c99875872673
Valid from Wed Feb 04 08:56:17 CAT 2015 until Sat Feb 01 08:56:17 CAT 2025
(Notez le numéro de série ...)
Il semble être le certificat manquant de Glassfish; parce que l'application de test autonome trouve:
Found trusted certificate:
[
[
Version: V3
Subject: CN=avast! Web/Mail Shield Root, O=avast! Web/Mail Shield, OU=generated by avast! antivirus for SSL/TLS scanning
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 2048 bits
modulus: ---8<---
public exponent: 65537
Validity: [From: Wed Feb 04 08:56:17 CAT 2015, : Sat Feb 01 08:56:17 CAT 2025]
Issuer: CN=avast! Web/Mail Shield Root, O=avast! Web/Mail Shield, OU=generated by avast! antivirus for SSL/TLS scanning
SerialNumber: [ 14128fa0 9c50b64b a6d5c998 75872673]
...
(Regardez le SerialNumber ...)
S'il vous plaît aider
avez-vous réussi à se rendre à la " Ajout du certificat au magasin de clés 'jssecacerts' en utilisant la partie alias 'localhost-1' "? – djb