Unable to send e-mail from Vibe to GroupWise GWIA using SMTP and TLS

  • 7024403
  • 03-Feb-2020
  • 03-Feb-2020

Environment

Vibe 4.0.7
Vibe 4.0.6
Vibe 4.0.3
Vibe 4.0.2
Vibe 4.0.1

Situation

Unable to configure outbound email for smtp + tls  

Example of errors encountered:
ERROR [Sitescape_Worker-11] [org.kablink.teaming.module.mail.impl.MailModuleImpl] - Exception:  Could not fill e-mail subscriptions: Mail server connection failed; nested exception is java.x.mail.MessagingException: Could not connect to SMTP host: 

bperez84.lab.novell.com, port: 25;  nested exception is:  javax.net.ssl.SSLException: Unsupported or unrecognized SSL message

ERROR [Sitescape_Worker-15] [org.kablink.teaming.module.mail.impl.MailModuleImpl] - EXCEPTION:  Could not fill e-mail subscriptions: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not convert socket to TLS;

  nested exception is:

        javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Resolution

In order to sent encrypted mail the certificate from the receiving mail host must be imported into the VIBE keystore.


  1.  Make a backup copy of the Vibe java keystore file, /opt/novell/teaming/jre/lib/security/cacerts
  
  2.  After hours or when shutting down Vibe will not affect users, on the Vibe linux server DO :
  
      systemctl stop vibe.service
	  
  3.  Make sure that you have the proper information listed in Vibe configuration dialogs :
  
    a.  At the Vibe linux terminal as "root", in the Vibe install directory, run the command
	    ./installer-teaming.inux.
		
	b.  Choose "I accept the license agreement".
	c.  Click NEXT.
	d.  Choose "Reconfigure settings" and Click NEXT.
	e.  Yes, to "is your Vibe shutdown".
	f.  Choose Basic, Click NEXT.
	g.  Click NEXT to accept the information on the dialog "Additional Extensions for View as HTML".  If the information is correct.
	
	h.  Click NEXT to "Default Locale and Logging Time Zone for Novell Vibe" dialog.
	i.  Click NEXT to "Network Information".
	j.  Click NEXT to the dialog "WebDAV Authentication Method".
	k.  Click NEXT to the dialog "Database Selection".
	l.  Click NEXT to the dialog "Java JDK".
	
	m.  On the "Outbound E-Mail Configuration" dialog:  
	
	** Note:  On the "Protocol" drop down list Choose "smtp" , NEVER choose "smtps", the latter is a deprecated protocol and if used will cause the Vibe Outbound smtp port 2525 NOT to go to a listen state, in this case,
	you will see an smtp error in the /opt/novell/teaming/apache-tomcat/logs/appserver.log. 

    Note:  Another way to know the existing Vibe outbound smtp configuration, whether "smtps" is improperly configured, is to search for: Resource mail.transport.protocol="smtps" in the /<VibeInstallationDirectory>/installer.xml file.
	
	On this same dialog choose the correct selections, including the checkbox
"Enable STARTTLS", if you will be using TLS with your smtp connection.  Click NEXT.

    n.  Click NEXT on the "Inbound E-Mail Configuration" dialog to accept the existing configuration
	    if the information is correct.
		
	o.  On the "Ready to Install" dialog CLICK Install.
	p.  On the "Installation complete" dialog, DO NOT YET follow the instructions on the screen to restart
	    Vibe.  
		
		    
  Use the below Vibe linux terminal command as "root" :   Import GroupWise CA certificate file into Vibe java keystore :
  
     Note:  The "alias" name you choose is up to you, I chose, as an example - "<ServerName>-GW-CA"
	 

keytool -importcert -alias <alias_name?> -file </path/filename to GroupWise root CA file (ca.rt) > -cacerts


5.  This file updated is in /opt/novell/teaming/jre/lib/security/cacerts...  


You can check if the "alias" name is in fact in the file now with :

  
    keytool -list -alias <ServerName>-GW-CA -cacerts



  Note:  It is normally NOT needed to do the below command, but IF you needed to remove an incorrect "alias" from
         the Vibe java keystore :  Disregard the below if it does not apply.
		 
		 
To delete an existing alias :


  keytool -delete -alias <ServerName>-GW-CA -cacerts
  
  
  Lastly Restart Vibe as "root" at the Vibe linux terminal :   systemctl start vibe