Identity Manager 4.7.x
Couldn't send email: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Export the root certificate from your mail server to a file.
Move the certificate to any directory on the server, for example /tmp/.
Navigate to /opt/netiq/common/jre/bin/
Run the following command: ./keytool -importcert -v -file <path_to_mail_server_root_certificate> -keystore /opt/netiq/common/jre/lib/security/cacerts -alias "<alias_you_wish_to_give_this_certificate>"
Example: ./keytool -importcert -v -file /tmp/rootcert.der -keystore /opt/netiq/common/jre/lib/security/cacerts -alias "mailrootcertificate"
Steps on Windows servers can be implemented in multiple ways. The keytool command works in a cmd prompt with slightly different syntax, or you can use a third-party application called Portecle. Here are some examples of how to do it on Windows.
Note: Every server running IDM drivers that are set up for email notifications needs to have the above steps completed.
IDM 4.7 was changed so that STARTTLS (which is configured on the mail server) requires certificates on the IDM server in order to function properly. If you are not concerned about having STARTTLS functional, you can, as an alternative to the above steps, simply disable that feature on the mail server.
openssl s_client -connect smtp.gmail.com:587 -starttls smtp
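Added example (not part of the original article): the openssl s_client command above, run with -showcerts, prints the certificates the mail server presents. The shell functions below split that output into one PEM file per certificate so the right one can be identified and its fingerprint checked before the keytool import. The function names, the cert-N.pem file names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Function names, cert-N.pem
# file names and the sample output are constructed for illustration.

# split_chain OUTDIR: read `openssl s_client ... -showcerts` output on stdin,
# write each certificate to OUTDIR/cert-N.pem, print how many were found.
split_chain() {
    mkdir -p "$1" || return 1
    awk -v dir="$1" '
        /^-----BEGIN CERTIFICATE-----/ { n++; file = dir "/cert-" n ".pem"; inside = 1 }
        inside                         { print > file }
        /^-----END CERTIFICATE-----/   { if (inside) close(file); inside = 0 }
        END                            { print n + 0 }'
}

# is_self_signed FILE: true when subject and issuer match, which is how a
# root certificate appears. Needs openssl and a real certificate file.
is_self_signed() {
    subject=$(openssl x509 -noout -subject -in "$1" | sed 's/^subject= *//')
    issuer=$(openssl x509 -noout -issuer -in "$1" | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

# Constructed stand-in for s_client output (placeholder bodies, not real certs).
sample_showcerts() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = mail.example.test
   i:CN = Example Test Root CA
-----BEGIN CERTIFICATE-----
CONSTRUCTED+PLACEHOLDER+BODY+1
-----END CERTIFICATE-----
 1 s:CN = Example Test Root CA
   i:CN = Example Test Root CA
-----BEGIN CERTIFICATE-----
CONSTRUCTED+PLACEHOLDER+BODY+2
-----END CERTIFICATE-----
---
EOF
}

# On the IDM server (needs network access to the mail server):
#   openssl s_client -connect <mail_server>:587 -starttls smtp -showcerts \
#       </dev/null | split_chain /tmp/chain
#   openssl x509 -noout -subject -issuer -fingerprint -sha256 -in /tmp/chain/cert-N.pem
# Compare the SHA-256 fingerprint with the one published by the issuing CA,
# then import the file with the keytool command from the steps above.
```

If no file in the output passes is_self_signed, the server did not send its root certificate and it has to be obtained from the issuing CA instead.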