CODEWITHSUNDEEP
javassljakarta-mailkeystore
AgostinoX
AgostinoX

Reputation: 7683

No trusted certificate found while sending a mail, but the certificate seems to be in the keystore

I have a Tomcat 5 webapp that tries to send a mail, via smtp.gmail.com on port 465, through a SSL socket. I get the exception:

javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465;
  nested exception is:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
    at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1706)
    at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:525)
    at javax.mail.Service.connect(Service.java:291)
    at javax.mail.Service.connect(Service.java:172)

Ok. I tried to import in my keystore the certificate i get on the website https://www.gmail.com.

keytool -import -trustcacerts -file c:\verising-c3_01.cer

But keytool says that this certificate already exists. Tomcat is installed with default settings, i didn't move keystores (i don't even know where they are). My javaMail version is 1.4.3, my jvm version is 1.4.2_12.

Upvotes: 1

Views: 1465

Answers (2)

user207421
user207421

Reputation: 311028

Imported certificates go in the truststore, not the keystore. You don't need a keystore at all unless the server requires a client certificate, which mail servers seldom do.

Upvotes: 1

Bill Shannon
Bill Shannon

Reputation: 29971

It might be helpful to use a newer version of the JDK, even if just for debugging purposes to see if it makes any difference.

Possibly your Tomcat configuration is overriding the keystore configuration such that you're not using the keystore you think you're using. The SSLNOTES.txt file included with JavaMail has pointers to SSL debugging tips; that might help you narrow down the source of the problem.

Upvotes: 1

Related Questions