sun.security.provider.certpath.SunCertPathBuilderException error setting IMAPS to Exchange server

The Bee March 23, 2018

Hi,

 

I have Jira 7.4.1 and I'm trying to enable IMAPS, but I'm getting the following error:

 

Unable to connect to the server at mail.local due to the following exception: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

I tried SSLPoke and it is OK:

 

/opt/atlassian/jira/jre//bin/java -Djavax.net.ssl.trustStore=/opt/atlassian/jira/jre/lib/security/cacerts SSLPoke mail.local 993
Successfully connected

 

/opt/atlassian/jira/jre//bin/java SSLPoke mail.local 993
Successfully connected

 

I tried the IMAPS from an IMAP client, and it works.

 

Any idea?

 

thanks!

Answer accepted
Daniel Eads {unmonitored account}
March 23, 2018

Hey! Sorry to hear you're having some trouble - IMAPS is a good goal to achieve.

I haven't used SSLPoke. It looks like an interesting tool! For now though, I'm going to act as though it didn't have success using the Java keystore. (It's possible for instance that your setenv.sh file is configured to use system Java instead of the one that comes bundled with Jira).

Do you know what CA was used to sign your mail server certificate? There are problems with Java accepting widely-used GoDaddy certificates. If GoDaddy is your CA, you'll want to add an intermediary cert to your chain:

  1. Head over to GoDaddy's certificate store at https://certs.godaddy.com/repository
  2. Open/download the G2 with cross to G1 (including the root) - search the page for gd_bundle-g2-g1.crt to get the right file
  3. Append the text of the GoDaddy cert from step 2 into the .crt or .pem file (the public key) you've got configured for your mail server. You can just paste the text from the cert below the existing text on a new line at the bottom of the file.
  4. Restart your mail server

The Bee March 23, 2018

Hi Daniel, 

 

Thanks for the reply. I'm using a Comodo wildcard.

Daniel Eads {unmonitored account}
March 23, 2018

Gotcha - that extra info helps. Looks like Comodo says you generally need to add intermediary certificates for their trust chain with Java. The instructions they provide are for doing this with keytool, which you might have already done if you've gone to SSLPoke and it's returning an all-clear.

If this is the case (using keytool), did you restart Jira? The trust store loads when the application starts, so based on what you got from SSLPoke, restarting Jira might resolve your error.

 

If that's no good, I'd also try and go the other direction and add the intermediary certificates from Comodo to what's loaded in your web server. The process for adding to Java's trust store is well-documented, but suffers from not working consistently. It also doesn't survive Jira upgrades, so if you can possibly fix it on the mail server side, that's the best way to go.

The Bee March 26, 2018

Thank you, Daniel!

Restarting Jira did the trick (I didn't expect that it needed to be restarted only because I added a certificate to the default keystore).

 

cheers.
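
The restart behaviour discussed in this thread, as an added example that is not code from the thread or from Atlassian: a trust manager built before a certificate is imported keeps its original set of trust anchors, while one built afterwards (a fresh JVM such as SSLPoke, or Jira after a restart) sees the new entry. The class name `TrustStoreSnapshotDemo` is hypothetical, the in-memory `KeyStore` stands in for the `cacerts` file, and the two sample certificates are borrowed from the JVM's own bundled `cacerts`.

```java
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class TrustStoreSnapshotDemo {

    // Build an X509TrustManager from the current contents of a KeyStore,
    // as JSSE does when an SSLContext is initialised.
    static X509TrustManager trustManagerFor(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks); // null selects this JVM's default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        // Which Java installation and trust store this process really uses;
        // compare with the JVM that runs Jira (setenv.sh may point elsewhere).
        System.out.println("java.home = " + System.getProperty("java.home"));
        System.out.println("javax.net.ssl.trustStore = "
            + System.getProperty("javax.net.ssl.trustStore", "(unset, default cacerts)"));

        // Sample data: two real CA certificates taken from the bundled cacerts.
        X509Certificate[] bundled = trustManagerFor(null).getAcceptedIssuers();
        if (bundled.length < 2) {
            throw new IllegalStateException("need at least two CA certs in cacerts");
        }

        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null); // empty in-memory store
        store.setCertificateEntry("existing-ca", bundled[0]);

        // The long-running application: trust anchors are copied at this point.
        X509TrustManager running = trustManagerFor(store);

        // The later import (what keytool -importcert does to the file on disk).
        store.setCertificateEntry("added-later", bundled[1]);

        // A process started after the import, or the application after a restart.
        X509TrustManager fresh = trustManagerFor(store);

        System.out.println("anchors seen by running trust manager: "
            + running.getAcceptedIssuers().length);
        System.out.println("anchors seen by fresh trust manager:   "
            + fresh.getAcceptedIssuers().length);
    }
}
```

Run it with the same `java` binary that Jira uses so that the printed `java.home` and trust store settings reflect the JVM that actually makes the IMAPS connection.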
