Java Chatter and Random Nagging

Wednesday, November 07, 2007

Connecting to a SSL SMTP Server using Spring/Java

One of the toughest things I did for a long time :
I needed to connect to a SMTP Mail Server using an SSL connection.
When doing this using my SMTP GMail Server, all it took were a few lines :

public class SslMailServerCheckerGmail {

public static void main(String[] args) throws Exception {

JavaMailSenderImpl mailSender = new JavaMailSenderImpl();

Properties mailProps = new Properties();
mailProps.put("mail.smtps.auth", "true");
mailProps.put("mail.smtp.starttls.enable", "true");
mailSender.setJavaMailProperties(mailProps);

mailSender.setProtocol("smtps");
mailSender.setPort(465);
mailSender.setHost("smtp.gmail.com");
mailSender.setUsername("my.email@gmail.com");
mailSender.setPassword("mypassword");

MimeMessage mimeMessage = mailSender.createMimeMessage();
MimeMessageHelper helper = new MimeMessageHelper(mimeMessage, true);

helper.setTo("softwarre@hotmail.com");
helper.setFrom("my.email@gmail.com");
helper
.setSubject("If you can see this message in your mailbox, your code worked");

helper.setText("See subject", true);

mailSender.send(mimeMessage);

}
}


However, when trying this for another SSL SMTP Server, I kept having the error :

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


The solution to this problem was to obtain the public key from the SMTP Server and make your Java client trust this key. Use the command
smtps.kuleuven.be:443
to grab the public certificate of the smtps server. Copy the certificate (including begin and end lines) into a file, for example call it
kuleuven.pem
. Then, import this certificate into your java keystore by using the command
keytool -import -alias smtps.kuleuven.be -keystore "C:\Program Files\Java\jdk1.6.0_02\jre\lib\security\cacerts" -file kuleuven.pem
. The default keystore password is
changeit
. Press yes to accept the certificate.

Small tip on the solution : If you use "C:\Program Files\Java\jdk1.6.0_02\jre\lib\security\cacerts" as your -keystore file, you will even not have to set the -Djavax.net.ssl.trustStore VM parameter, it will find the keystore file automagically.

Labels: , , , ,