Environment
Vibe 4.0.7
Vibe 4.0.6
Vibe 4.0.3Vibe 4.0.2
Vibe 4.0.1
Situation
Unable to configure outbound email for smtp + tls
Example of errors encountered:
ERROR [Sitescape_Worker-11] [org.kablink.teaming.module.mail.impl.MailModuleImpl] - Exception: Could not fill e-mail subscriptions: Mail server connection failed; nested exception is java.x.mail.MessagingException: Could not connect to SMTP host: bperez84.lab.novell.com, port: 25; nested exception is: javax.net.ssl.SSLException: Unsupported or unrecognized SSL message ERROR [Sitescape_Worker-15] [org.kablink.teaming.module.mail.impl.MailModuleImpl] - EXCEPTION: Could not fill e-mail subscriptions: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not convert socket to TLS; nested exception is: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Resolution
In order to sent encrypted mail the certificate from the receiving mail host must be imported into the VIBE keystore.
1. Make a backup copy of the Vibe java keystore file, /opt/novell/teaming/jre/lib/security/cacerts 2. After hours or when shutting down Vibe will not affect users, on the Vibe linux server DO : systemctl stop vibe.service 3. Make sure that you have the proper information listed in Vibe configuration dialogs : a. At the Vibe linux terminal as "root", in the Vibe install directory, run the command ./installer-teaming.inux. b. Choose "I accept the license agreement". c. Click NEXT. d. Choose "Reconfigure settings" and Click NEXT. e. Yes, to "is your Vibe shutdown". f. Choose Basic, Click NEXT. g. Click NEXT to accept the information on the dialog "Additional Extensions for View as HTML". If the information is correct. h. Click NEXT to "Default Locale and Logging Time Zone for Novell Vibe" dialog. i. Click NEXT to "Network Information". j. Click NEXT to the dialog "WebDAV Authentication Method". k. Click NEXT to the dialog "Database Selection". l. Click NEXT to the dialog "Java JDK". m. On the "Outbound E-Mail Configuration" dialog: ** Note: On the "Protocol" drop down list Choose "smtp" , NEVER choose "smtps", the latter is a deprecated protocol and if used will cause the Vibe Outbound smtp port 2525 NOT to go to a listen state, in this case, you will see an smtp error in the /opt/novell/teaming/apache-tomcat/logs/appserver.log. Note: Another way to know the existing Vibe outbound smtp configuration, whether "smtps" is improperly configured, is to search for: Resource mail.transport.protocol="smtps" in the /<VibeInstallationDirectory>/installer.xml file. On this same dialog choose the correct selections, including the checkbox "Enable STARTTLS", if you will be using TLS with your smtp connection. Click NEXT. n. Click NEXT on the "Inbound E-Mail Configuration" dialog to accept the existing configuration if the information is correct. o. On the "Ready to Install" dialog CLICK Install. p. On the "Installation complete" dialog, DO NOT YET follow the instructions on the screen to restart Vibe. Use the below Vibe linux terminal command as "root" : Import GroupWise CA certificate file into Vibe java keystore : Note: The "alias" name you choose is up to you, I chose, as an example - "<ServerName>-GW-CA" keytool -importcert -alias <alias_name?> -file </path/filename to GroupWise root CA file (ca.rt) > -cacerts 5. This file updated is in /opt/novell/teaming/jre/lib/security/cacerts... You can check if the "alias" name is in fact in the file now with : keytool -list -alias <ServerName>-GW-CA -cacerts Note: It is normally NOT needed to do the below command, but IF you needed to remove an incorrect "alias" from the Vibe java keystore : Disregard the below if it does not apply. To delete an existing alias : keytool -delete -alias <ServerName>-GW-CA -cacerts Lastly Restart Vibe as "root" at the Vibe linux terminal : systemctl start vibe