Results 1 to 3 of 3

Thread: javax.net.ssl.SSLHandshakeException when trying to connect without SSL

  1. #1
    Join Date
    Oct 2011
    Location
    Switzerland
    Posts
    7
    Rep Power
    4

    Default javax.net.ssl.SSLHandshakeException when trying to connect without SSL

    I still got this problem, so I try it now with a properly named thread.

    I'm trying to connect to mailserver inside my local network using an external account. since this mail server does only work within our localnetwork, there is no way to connect to it using its mx dns record from the "internet cloud". but within the localnetwork it's without a problem possible to connect to it using various mail clients (outlook or thunderbird for example). So on trying to connect to this server using an external account on my zimbra user (not using SSL!). I get the following exception according to the mailbox.log:

    2011-10-13 10:27:29,904 INFO [btpool0-12://mail.football-db.com/service/soap/TestDataSourceRequest] [name=andreas@football-db.com;mid=3;ip=192.168.19.207;ua=ZimbraWebClient - FF3.0 (Win)/7.1.3_GA_3346;] datasource - Testing: DataSource: { id=TestId, type=pop3, isEnabled=false, name=Test, host=cult-t1.culturall.com, port=110, connectionType=cleartext, username=schabmann, folderId=-1 }
    2011-10-13 10:27:30,086 WARN [btpool0-12://mail.football-db.com/service/soap/TestDataSourceRequest] [name=andreas@football-db.com;mid=3;ip=192.168.19.207;ua=ZimbraWebClient - FF3.0 (Win)/7.1.3_GA_3346;] datasource - Test failed: DataSource: { id=TestId, type=pop3, isEnabled=false, name=Test, host=cult-t1.culturall.com, port=110, connectionType=cleartext, username=schabmann, folderId=-1 }
    com.zimbra.common.service.ServiceException: system failure: Unable to connect to POP3 server: DataSource: { id=TestId, type=pop3, isEnabled=false, name=Test, host=cult-t1.culturall.com, port=110, connectionType=cleartext, username=schabmann, folderId=-1 }
    ExceptionId:btpool0-12://mail.football-db.com/service/soap/TestDataSourceRequest:1318494450086:6ccd138f1a07ed 36
    Code:service.FAILURE
    at com.zimbra.common.service.ServiceException.FAILURE (ServiceException.java:248)
    at com.zimbra.cs.datasource.Pop3Sync.connect(Pop3Sync .java:156)
    at com.zimbra.cs.datasource.Pop3Sync.test(Pop3Sync.ja va:109)
    at com.zimbra.cs.datasource.DataSourceManager.test(Da taSourceManager.java:208)
    at com.zimbra.cs.service.mail.TestDataSource.handle(T estDataSource.java:129)
    at com.zimbra.soap.SoapEngine.dispatchRequest(SoapEng ine.java:412)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:287)
    at com.zimbra.soap.SoapEngine.dispatch(SoapEngine.jav a:158)
    at com.zimbra.soap.SoapServlet.doWork(SoapServlet.jav a:294)
    at com.zimbra.soap.SoapServlet.doPost(SoapServlet.jav a:215)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:725)
    at com.zimbra.cs.servlet.ZimbraServlet.service(Zimbra Servlet.java:208)
    at javax.servlet.http.HttpServlet.service(HttpServlet .java:814)
    at org.mortbay.jetty.servlet.ServletHolder.handle(Ser vletHolder.java:511)
    at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1166)
    at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(Set HeaderFilter.java:79)
    at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1157)
    at org.mortbay.servlet.UserAgentFilter.doFilter(UserA gentFilter.java:81)
    at org.mortbay.servlet.GzipFilter.doFilter(GzipFilter .java:132)
    at org.mortbay.jetty.servlet.ServletHandler$CachedCha in.doFilter(ServletHandler.java:1157)
    at org.mortbay.jetty.servlet.ServletHandler.handle(Se rvletHandler.java:388)
    at org.mortbay.jetty.security.SecurityHandler.handle( SecurityHandler.java:218)
    at org.mortbay.jetty.servlet.SessionHandler.handle(Se ssionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(Co ntextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebA ppContext.java:422)
    at org.mortbay.jetty.handler.ContextHandlerCollection .handle(ContextHandlerCollection.java:230)
    at org.mortbay.jetty.handler.HandlerCollection.handle (HandlerCollection.java:114)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:152)
    at org.mortbay.jetty.handler.rewrite.RewriteHandler.h andle(RewriteHandler.java:230)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:152)
    at org.mortbay.jetty.handler.DebugHandler.handle(Debu gHandler.java:77)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(Ha ndlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(Htt pConnection.java:583)
    at org.mortbay.jetty.HttpConnection$RequestHandler.co ntent(HttpConnection.java:986)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser. java:756)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpPa rser.java:218)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnec tion.java:414)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(Selec tChannelEndPoint.java:429)
    at org.mortbay.thread.BoundedThreadPool$PoolThread.ru n(BoundedThreadPool.java:451)
    Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: d2:CN16:imap.example.com1:O0:2:OU11:IMAP server6:accept4:true5:alias38:cult-t1.culturall.com:897D72B6B11C4C924:fromi1130638247 000e4:host21:cult-t1.culturall.com3:icn16:imap.example.com2:io0:3:io u11:IMAP server3:md532:0E62FEC19C94C0D549B89BEFB88514C78:mi smatch5:false1:s16:897D72B6B11C4C924:sha140:36785D EA8DC7406BAC0EB6C93A9967562753DBCE2:toi11621742470 00ee
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLExceptio n(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(S SLSocketImpl.java:1649)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Ha ndshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:1206)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.proc essMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoo p(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_re cord(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRec ord(SSLSocketImpl.java:893)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.perform InitialHandshake(SSLSocketImpl.java:1138)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1165)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHa ndshake(SSLSocketImpl.java:1149)
    at com.zimbra.common.net.CustomSSLSocket.startHandsha ke(CustomSSLSocket.java:90)
    at com.zimbra.cs.mailclient.MailConnection.startTls(M ailConnection.java:100)
    at com.zimbra.cs.mailclient.MailConnection.connect(Ma ilConnection.java:84)
    at com.zimbra.cs.datasource.Pop3Sync.connect(Pop3Sync .java:148)
    ... 38 more
    Caused by: java.security.cert.CertificateException: d2:CN16:imap.example.com1:O0:2:OU11:IMAP server6:accept4:true5:alias38:cult-t1.culturall.com:897D72B6B11C4C924:fromi1130638247 000e4:host21:cult-t1.culturall.com3:icn16:imap.example.com2:io0:3:io u11:IMAP server3:md532:0E62FEC19C94C0D549B89BEFB88514C78:mi smatch5:false1:s16:897D72B6B11C4C924:sha140:36785D EA8DC7406BAC0EB6C93A9967562753DBCE2:toi11621742470 00ee
    at com.zimbra.common.net.CustomTrustManager.checkServ erTrusted(CustomTrustManager.java:90)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serv erCertificate(ClientHandshaker.java:1198)
    ... 49 more


    The other external account I set up works well. it is however connecting to a WAN mailserver with proper DNS MX record.
    But I don't see why this can't work with our internal mailserver, since zimbra is only going to connect to it from within the LAN.

    thx for help

  2. #2
    Join Date
    Apr 2011
    Location
    Prague
    Posts
    65
    Rep Power
    4

    Default

    I had the same problem. Zimbra can connect with TLS only to the servers with "chained" trusted certificates. Workaround is:
    [root@zimbra /]# zmlocalconfig -e javamail_imap_enable_starttls=false
    [root@zimbra /]# zmmailboxdctl restart

    It is about DISABLE TLS. Zimbra always use TLS, if target server support STARTTLS. So you have to make trusted chained certificate on target server, or disable default TLS on on Zimbra side, or disable STARTTLS support on target server.

    I have done it by javamail_imap_enable_starttls=false.
    Last edited by meesha; 10-13-2011 at 06:31 AM.

  3. #3
    Join Date
    Oct 2011
    Location
    Switzerland
    Posts
    7
    Rep Power
    4

    Default

    thx for the advice.

    I had to also set ssl_allow_untrusted_certs to true in order to make it work however.

Similar Threads

  1. postfix deferred delivery with invalid argument
    By skralg in forum Administrators
    Replies: 11
    Last Post: 07-11-2011, 06:28 AM
  2. zmclamdctl is not running after upgrade
    By Darren in forum Installation
    Replies: 24
    Last Post: 10-10-2008, 09:10 AM
  3. Zimbra fails after working for 2 weeks
    By Linsys in forum Administrators
    Replies: 10
    Last Post: 10-07-2008, 12:42 AM
  4. Is it started or not
    By kwelipatton in forum Installation
    Replies: 10
    Last Post: 03-28-2006, 10:11 PM
  5. Can't send or receive mails from Zimbra
    By ppurama in forum Administrators
    Replies: 4
    Last Post: 11-14-2005, 09:17 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •