How to Configure Vibe Outbound mail to use TLS

  • 7023979
  • 28-Jun-2019
  • 29-Aug-2019

Environment


Vibe 4.0.3

Situation

GroupWise SMTP service is configured to use SSL. Vibe outbound email hasn't been configured for SSL connections.
Attempting to enable TLS on Vibe throws errors:
ERROR [Sitescape_Worker-11] [org.kablink.teaming.module.mail.impl.MailModuleImpl] - Exception:  Could not fill e-mail subscriptions: Mail server connection failed; nested exception is java.x.mail.MessagingException: Could not connect to SMTP host: cthomas2.lab.novell.com, port: 25;  nested exception is:  javax.net.ssl.SSLException: Unsupported or unrecognized SSL message

2019-05-29 03:41:56,022 ERROR [Sitescape_Worker-15] [org.kablink.teaming.module.mail.impl.MailModuleImpl] - EXCEPTION:  Could not fill e-mail subscriptions: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not convert socket to TLS;

  nested exception is:

        javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Resolution

  1. Make sure the gwia smtp service is set to ssl enabled or required

    • GWIA | Agent Settings | SMTP

  2. Copy the CA cert over to the vibe server

    • Open a terminal to the GWIA server and run the following commands:

    • cd /opt/novell/groupwise/certificates/(current cert directory will be a long directory name of alpha-numeric value)

    • scp ca.crt <ip or hostname of vibe server>:/(choose a directory to store certificates)/

  3. Convert the cert to .der format

    • Open a terminal to the vibe server and do the following:

    • Change to the directory where the CA cert was just copied to.

    • openssl x509 -in ca.crt -outform der -out cacert.der

      • ca.crt is the CA cert, cacert.der will be the .der encoded certificate

  4. Import the CA cert to the Vibe cacert using the keytool

    • Change to /opt/novell/teaming/jre/bin/

    • ./keytool -import -alias ca_cert -file /root/rootCert/cacert.der -cacerts

      • ca_cert can be anything, it's an alias

      • /root/rootCert/cacert.der is the path to the .der encoded cert that was just created

    • Enter the password to the Vibe keystore file. It might be: changeit
    • Trust the certificate by typing "yes" and pressing "Enter"

  5. Enable TLS for outbound email

Cause

Importing the GWIA certificate can be confusing as the documentation outlines exporting a certificate from iManager only.