1 Reply Latest reply on Oct 29, 2015 12:09 PM by mce_loren

    Unable to get Alert Central to poll POP3 mailbox using TLS

    mce_loren

      Hello everyone,

       

      I am unable to get Alert Central version 1.1.6.693 to poll a POP3 mailbox using TLS and port 995.

       

      I have looked at a few other posts about this issue but am unable to find a solution.

       

      I am able to use the same POP3 account using the standard unencrypted port of 110.

       

      It would appear as though the problem has something to do with not having an up-to-date root certificate chain. Below is the relevant bit from the exported logs. Any help would be appreciated.

       

      Note: I have not yet "rooted" the box by entering single user mode and changing the root password, but I am capable of doing that if necessary. I am guessing that it will need to do this in order to update the root certificate store...

       

      13:02:47.310 [EmailPoller-1] ERROR c.s.oncall.email.EmailPollerImpl - Email Poller Failure

      javax.mail.MessagingException: Connect failed

      at com.sun.mail.pop3.POP3Store.protocolConnect(POP3Store.java:210) ~[mail-1.4.5.jar:1.4.5]

      at javax.mail.Service.connect(Service.java:295) ~[mail-1.4.5.jar:1.4.5]

      at com.solarwinds.oncall.email.EmailPollerImpl.getNewStoreAndConnect(EmailPollerImpl.java:648) ~[oncall-email-1.1.6-SNAPSHOT.jar:na]

      at com.solarwinds.oncall.email.EmailPollerImpl.access$500(EmailPollerImpl.java:72) ~[oncall-email-1.1.6-SNAPSHOT.jar:na]

      at com.solarwinds.oncall.email.EmailPollerImpl$FetchEmail.run(EmailPollerImpl.java:307) ~[oncall-email-1.1.6-SNAPSHOT.jar:na]

      at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [na:1.7.0_04]

      at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:351) [na:1.7.0_04]

      at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:178) [na:1.7.0_04]

      at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178) [na:1.7.0_04]

      at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) [na:1.7.0_04]

      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [na:1.7.0_04]

      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [na:1.7.0_04]

      at java.lang.Thread.run(Thread.java:722) [na:1.7.0_04]

      Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.7.0_04]

      at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1868) ~[na:1.7.0_04]

      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) ~[na:1.7.0_04]

      at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) ~[na:1.7.0_04]

      at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1338) ~[na:1.7.0_04]

      at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:154) ~[na:1.7.0_04]

      at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868) ~[na:1.7.0_04]

      at sun.security.ssl.Handshaker.process_record(Handshaker.java:804) ~[na:1.7.0_04]

      at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:998) ~[na:1.7.0_04]

      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1294) ~[na:1.7.0_04]

      at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1321) ~[na:1.7.0_04]

      at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1305) ~[na:1.7.0_04]

      at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:548) ~[mail-1.4.5.jar:1.4.5]

      at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:352) ~[mail-1.4.5.jar:1.4.5]

      at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:233) ~[mail-1.4.5.jar:1.4.5]

      at com.sun.mail.pop3.Protocol.<init>(Protocol.java:111) ~[mail-1.4.5.jar:1.4.5]

      at com.sun.mail.pop3.POP3Store.getPort(POP3Store.java:261) ~[mail-1.4.5.jar:1.4.5]

      at com.sun.mail.pop3.POP3Store.protocolConnect(POP3Store.java:206) ~[mail-1.4.5.jar:1.4.5]

      ... 12 common frames omitted

      Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) ~[na:1.7.0_04]

      at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[na:1.7.0_04]

      at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.7.0_04]

      at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) ~[na:1.7.0_04]

      at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) ~[na:1.7.0_04]

      at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126) ~[na:1.7.0_04]

      at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1320) ~[na:1.7.0_04]

      ... 25 common frames omitted

      Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) ~[na:1.7.0_04]

      at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) ~[na:1.7.0_04]

      at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) ~[na:1.7.0_04]

      ... 31 common frames omitted

      13:02:57.733 [EmailPoller-1] ERROR c.s.oncall.email.EmailPollerImpl - Email Poller Failure, last exception repeated 2 times

      13:03:08.163 [EmailPoller-1] ERROR c.s.oncall.email.EmailPollerImpl - Email Poller Failure, last exception repeated 4 times

      13:03:28.960 [EmailPoller-1] ERROR c.s.oncall.email.EmailPollerImpl - Email Poller Failure, last exception repeated 8 times

      13:04:10.542 [EmailPoller-1] ERROR c.s.oncall.email.EmailPollerImpl - Email Poller Failure, last exception repeated 16 times

      13:05:34.229 [EmailPoller-1] ERROR c.s.oncall.email.EmailPollerImpl - Email Poller Failure, last exception repeated 32 times

      13:08:23.679 [EmailPoller-1] ERROR c.s.oncall.email.EmailPollerImpl - Email Poller Failure, last exception repeated 64 times

      13:13:59.684 [EmailPoller-1] ERROR c.s.oncall.email.EmailPollerImpl - Email Poller Failure, last exception repeated 128 times

      13:25:17.547 [EmailPoller-1] ERROR c.s.oncall.email.EmailPollerImpl - Email Poller Failure, last exception repeated 256 times

      13:47:45.546 [EmailPoller-1] ERROR c.s.oncall.email.EmailPollerImpl - Email Poller Failure, last exception repeated 512 times

        • Re: Unable to get Alert Central to poll POP3 mailbox using TLS
          mce_loren

          I just wanted to reply to my own post to let everyone know that I fixed this issue myself.

           

          The general steps I took were:

           

          1. Create a full backup of the VHD

          2. Root the VM by booting into single user mode, change the root password and reboot

          3. Log in as root

          4. Run "yum install pki-ca" which will download and install about 150 updated packages and dependencies

           

          I was worried about doing the update because the first time I tried it I completely hosed the system. However, this time I didn't install the EPEL repo so that is probably the difference.

           

          The system is now able to connect to mail hosts using TLS