Raystorm

Reputation: 6568

javamail sends via tls on workstation but not on server

I can connect and send myself email just fine from my workstation.

Workstation Versions:

However, on the server I get an error:

javax.mail.MessagingException: Could not connect to SMTP host: 
  smtpa.state.ak.us, port: 465 
  (java.net.SocketException: java.security.NoSuchAlgorithmException: 
     Error constructing implementation 
     (algorithm: Default, provider: SunJSSE, 
      class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl))  

At the bottom of the stack trace is the following section:

Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
        at java.security.KeyStore.load(Unknown Source)
        at com.sun.net.ssl.internal.ssl.TrustManagerFactoryImpl.getCacertsKeyStore(Unknown Source)
        at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultTrustManager(Unknown Source)
        at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(Unknown Source)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
        at java.lang.reflect.Constructor.newInstance(Unknown Source)
        at java.lang.Class.newInstance0(Unknown Source)
        at java.lang.Class.newInstance(Unknown Source)
        ... 76 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
        ... 88 more

The Server is running:

JavaMail is bundled with my web application, and is version 1.4.3.

Edit:

For completeness' sake I upgraded the bundled JavaMail to 1.5.0-b01.
I'm still getting the same errors.

keytool -list -keystore <path-to-default-java-keystore> with the default java keystore password works on both systems.

Further Edit:

After some more digging I found this SO Question: Accessing Tomcat's configured KeyStore and TrustStore

I added some logging statements to my application. I get the same result on my workstation as I do on the server.

10-25@12:20:30 DEBUG [statements] TextEmail - javax.net.ssl.trustStore: null
10-25@12:20:30 DEBUG [statements] TextEmail - javax.net.ssl.trustStorePassword: fedizPass
10-25@12:20:30 DEBUG [statements] TextEmail - javax.net.ssl.trustStoreType: null
10-25@12:20:30 DEBUG [statements] TextEmail - javax.net.ssl.keyStore: null
10-25@12:20:30 DEBUG [statements] TextEmail - javax.net.ssl.keyStorePassword: fedizPass
10-25@12:20:30 DEBUG [statements] TextEmail - javax.net.ssl.keyStoreType: null

If you look carefully, the default password isn't returned, and neither is the trust store. I have Fediz-1.1.0-SNAPSHOT configured with a custom trustStore for WS-FEDERATION. My Fediz code is using the Spring-Security plugin. All of that works properly. I have a second application deployed on both my workstation and test server that uses it as well. It also works properly and can send files via FTPS to another server. Also, if it's supplying the wrong password in the system properties, then why does it work on my workstation but not the server?

Upvotes: 1

Views: 464

Answers (2)

Raystorm

Reputation: 6568

Thanks to @Bill Shannon I was able to get it to work.

I ended up extending MailSSLSocketFactory, listed in an example in JavaMail - SSLNotes.
I followed the JSSE Reference - Creating Your Own X509TrustManager.
I used it to add a backup TrustManager that grabs the default KeyStore from System.getProperty("java.home") and passes in the default password. It attempts to set that X509TrustManager up as a fallback in case the default one created by MailSSLSocketFactory fails to validate the certificate.

Upvotes: 1
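
A sketch of the fallback trust manager the answer above describes, added here as an example and not the poster's actual code. It loads the JRE's cacerts file explicitly instead of relying on the javax.net.ssl.* system properties logged in the question. The class name FallbackTrustManager is hypothetical, the lib/security/cacerts location under java.home is an assumption, and the caller supplies the cacerts password (the stock JRE default is "changeit").

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example: tries a primary trust manager, then one built from the JRE's cacerts.
public class FallbackTrustManager implements X509TrustManager {
    private final X509TrustManager primary;   // may be null if it could not be built
    private final X509TrustManager fallback;

    public FallbackTrustManager(X509TrustManager primary, char[] cacertsPassword) throws Exception {
        this.primary = primary;
        this.fallback = loadJreDefault(cacertsPassword);
    }

    // Loads <java.home>/lib/security/cacerts directly, not via javax.net.ssl.* properties.
    static X509TrustManager loadJreDefault(char[] password) throws Exception {
        String path = System.getProperty("java.home") + "/lib/security/cacerts";
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        }
        throw new IllegalStateException("no X509TrustManager for " + path);
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (primary != null) {
            try { primary.checkServerTrusted(chain, authType); return; }
            catch (CertificateException e) { /* fall through to the JRE store */ }
        }
        fallback.checkServerTrusted(chain, authType); // an untrusted chain is still rejected
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        fallback.checkClientTrusted(chain, authType);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() { return fallback.getAcceptedIssuers(); }
}
```

An instance can be handed to MailSSLSocketFactory.setTrustManagers(...) and the factory set as the mail.smtp.ssl.socketFactory session property, as in the JavaMail SSL notes. Both trust managers still perform full chain validation, so this widens the set of trusted roots to the JRE defaults without disabling certificate checks.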

Bill Shannon

Reputation: 29971

Possibly your Tomcat configuration is selecting a different keystore with a non-default password?

Upvotes: 0
