SMTP STARTTLS Manual Cert

Good morning, folks.

Just wanted to quickly share here, since I've never run into this and I am certain I won't be the only one.

Client's IT department configured a Classic SMTP profile with "Use STARTTLS" enabled. Test sends gave the following error:

```
javax.mail.MessagingException: Could not convert socket to TLS; nested exception is:
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
```

In order to resolve this, I wound up using OpenSSL to get the certificate, saving it to the Ignition certificate directory, and restarting the gateway. Detailed steps just for reference.

  • Run the following openssl command to get the certificate:
`openssl s_client -connect your.smtp.hostname:port -starttls smtp`
  • Read the output and copy the cert (including the begin / end header and footer), i.e.:
```
-----BEGIN CERTIFICATE-----
several lines of characters
-----END CERTIFICATE-----
```
  • Paste cert into new text file, save with .pem extension
  • Move .pem file to Ignition supplemental certificate location
`%gateway installation directory%data/certificates/supplemental`
  • Restart gateway
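The steps above as a script, added here as an example that is not part of the original post. The function names and the output-file argument are hypothetical. The confirmation prompt is an addition: `s_client` prints whatever certificate the server at that address presents, so the fingerprint should be checked with the mail server's owner before the file is trusted.

```shell
#!/bin/sh
# Added example: function names and the output-file argument are hypothetical.

# Print only the first PEM block (the server's own certificate) from
# `openssl s_client` output on stdin, stripping trailing whitespace.
extract_first_cert() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { if (!done) inside = 1 }
        inside { sub(/[ \t\r]+$/, ""); print }
        /-----END CERTIFICATE-----/ { if (inside) { inside = 0; done = 1 } }
    '
}

# $1 = SMTP host, $2 = port. Same command as in the post, non-interactive.
fetch_smtp_cert() {
    openssl s_client -connect "$1:$2" -starttls smtp -servername "$1" \
        </dev/null 2>/dev/null | extract_first_cert
}

# Show what is about to be trusted so it can be checked out of band.
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -dates -fingerprint -sha256
}

main() {
    host=$1 port=$2 out=$3
    tmp=$(mktemp) || return 1
    fetch_smtp_cert "$host" "$port" > "$tmp"
    # Refuse to continue if what came back does not parse as a certificate.
    if ! openssl x509 -in "$tmp" -noout 2>/dev/null; then
        echo "no valid certificate received from $host:$port" >&2
        rm -f "$tmp"
        return 1
    fi
    describe_cert "$tmp"
    # The fetch itself is unauthenticated, so confirm before trusting.
    printf 'Fingerprint matches what the mail server owner gave you? [yes/no] '
    read -r answer
    if [ "$answer" = yes ]; then
        mv "$tmp" "$out" && echo "saved $out"
    else
        rm -f "$tmp"
        echo "not saved" >&2
        return 1
    fi
}

# Usage: sh fetch_smtp_cert.sh your.smtp.hostname port smtp.pem
if [ "$#" -eq 3 ]; then main "$@"; fi
```

The saved .pem file then goes into the supplemental certificate directory, followed by the gateway restart, as in the last two steps of the post.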