Could Not Convert Socket to TLS

Could Not Convert Socket to TLS

ISSUE

When the system tries to send email, it results in an error "Could not convert socket to TLS".

The Email debug in the 8090 Console shows:

INFO  (08/21) 12:17:57 [stdout]: STARTTLS
INFO  (08/21) 12:17:57 [stdout]: 220 Ready to start TLS
ERROR (08/21) 12:17:57 [com.stoneware.service.Mail]: Unable to send mail.
javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


SOLUTION

With the release of UW 6.5.6.13, STARTTLS support was added to the Mail Service.  Now the system will automatically check to see if the SMTP server supports STARTTLS and will begin the negotiation process to upgrade the connection to using TLS.

The error is stating that Java is unable to validate the SSL Certificate used by the SMTP server.  This can be caused by the SMTP server utilizing a self-signed certificate, where a matching root certificate does not exist in Java's cacerts keystore.  (Java's security is extremely strict with needing to be able to validate the server certificate.)

To correct the issue, one of two options can be tried:
  • Disable STARTTLS on the SMTP server.
  • Fix the certificate issue.
    • If using a self-signed cert, try importing the root certificate that signed your email server's certificate into the Java cacerts keystore used by the UW servers.
      "c:\stoneware\jre\lib\security\cacerts" (Oracle-provided default passphrase is "changeit").
      This would need to be done on all of the UW servers.
    • Install a CA-signed certificate, on the SMTP server, that will have an associated root certificate in the Java cacerts file on the UW servers.

    Can't find the KB

    Unable to find the KB to address your issue ?  

      • Recent Articles

      • Lenovo Unified Workspace End-of-Life Questions and Answers

        Will the shutdown of LUW servers and access to downloads affect my server licensing? No, the shutdown of the customer servers and access to the product and licensing downloads will not affect your server licensing. This license is downloaded and ...

      • How do I determine my Unified Workspace license expiration date?

        The best method for determining the licensing information including the expiration date of your Unified Workspace license: Login to your 8090 management console on each server This may take remoting into each LUW server and relay, opening a browser, ...

      • Lenovo Unified Workspace 7.0.2.13 Released

        Highlights of Unified Workspace 7.0.2.13 Before you install: Please view the installation notes here. 7.0.2.13 requires a 7.0 license file. Below is a list of enhancements and fixes released in Unified Workspace 7.0.2.13 Fixed external storage ...

      • LanSchool Documentation Guides

        LanSchool Classic Teacher Console The LanSchool Teacher Console is the interface teachers will use to manage their classroom and students. It contains all the tools necessary for a teacher to effectively interact with students and create a ...

      • Lenovo Unified Workspace 7.0.1.41 Released

        Highlights of Unified Workspace 7.0.1.41 Before you install: Please view the installation notes here. 7.0.1.41 requires a 7.0 license file. Below is a list of enhancements and fixes for Unified Workspace 7.0.1.41 Updated Log4j Updated Java Updated ...