Java TLS Error When sending e-mail

Dohertab · April 28, 2017, 8:30pm

When attempting to use the ‘system.net.sendEmail’ function, I get the following error:

"Traceback (most recent call last):
File “event:actionPerformed”, line 37, in

com.inductiveautomation.ignition.client.gateway_interface.GatewayException: com.inductiveautomation.ignition.client.gateway_interface.GatewayException: Error sending email.
caused by GatewayException: Error sending email.
caused by javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

Ignition v7.8.2 (b2016030813)
Java: Oracle Corporation 1.8.0_131"

Emailing was working fine for weeks, and then this appeared out of the blue. Any idea what’s going on?

Thanks.

Kevin.Herron · April 28, 2017, 8:50pm

It looks like what changed was that the latest version of Java was installed.

This error means that you’re trying to send email with SSL/TLS enabled and the certificate being presented by your mail server can’t be validated (i.e. it is not signed by a valid CA certificate).

Your quickest fix would be to send without SSL/TLS for now, if that’s possible. Then you can deal with getting the certificate situation sorted out. Is this an internal server or something like office 365 on the internet?

Dohertab · May 1, 2017, 3:49pm

Thanks for the response Kevin! Yeah this is Office 365 on the cloud, I have to go through a 3rd party IT company in making any changes. After trying to send without TLS, I am denied permissions. Is it tough to get the certificate situation sorted out? Will research that now.

Kevin.Herron · May 1, 2017, 4:23pm

Hmm. It’s hard to imagine the CA cert used to sign the Office 365 cert isn’t already in the Java’s trusted cacerts list…

Is it possible the network you’re on has some kind of “security” appliance that MITMs all traffic, including SSL/TLS? This would cause the certificate seen by Java to be the one belonging to the appliance instead of the Office 365 certificate. While not as common, this is something we’ve seen in the past.

Dohertab · May 1, 2017, 5:04pm

Great question! I’ll get on the phone with their IT and investigate that.

Dohertab · May 8, 2017, 7:50pm

Figured out the issue. Not sure how this problem came to be, although I’m pretty confident it did have something to do with Java upgrading.

Following the ‘Installing JAVA_HOME on Windows’ instructions in the following link fixed the problem:

https://confluence.atlassian.com/adminjiraserver073/installing-java-861253016.html#InstallingJava-2.SettingJAVA_HOME

Also had to restart the gateway in order for the change to take effect. Hope this helps somebody else.