how to ignore server cert error in javamail
when i connect to my imap server using imaps,it failes.
can you tell me how to ignore server cert error in javamail
Exception in thread "main"
javax.mail.MessagingException:
sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification
path to requested target; nested
exception is:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification
path to requested target at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:665)
at javax.mail.Service.connect(Service.java:295)
at javax.mail.Service.connect(Service.java:176)
at App20110204.main(App20110204.java:31)
Caused by:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification
path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1623)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:198)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:192)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1074)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:128)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:529)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:465)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1120)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1147)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1131)
at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:507)
at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:238)
at com.sun.mail.iap.Protocol.<init>(Protocol.java:113)
at com.sun.mail.imap.protocol.IMAPProtocol.<init>(IMAPProtocol.java:110)
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:632)
... 3 more Caused by:
sun.security.validator.ValidatorException:
PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification
path to requested target at sun.security.validator.PKIXV开发者_如何学编程alidator.doBuild(PKIXValidator.java:294)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:200)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1053)
... 15 more Caused by:
sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification
path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:289)
... 21 more
and my source code
Properties prop = new Properties();
prop.put("mail.imap.ssl.checkserveridentity", "false");
prop.put("mail.imap.ssl.trust", "*");
Session session = Session.getDefaultInstance(prop);
Store store = session.getStore("imaps");
store.connect("mail.xxx.com", "xxxx", "p@ssw0rd");
System.out.println(store.getFolder("INBOX").getMessageCount());
use prop.put("mail.imaps.ssl.trust", "*"); since you are using imaps store.
and for smtp you can try :
prop.put("mail.smtp.ssl.trust", "*"); .
Don't ignore certificate verification errors (unless perhaps in a test environment): this defeats the point of using SSL/TLS.
Instead, if you know you trust that server certificate, import it in your trust store (either the global trust store of the JRE or a local one that you specify with the javax.net.ssl.trustStore* system properties, for example).
Properties propsSSL = new Properties();
propsSSL.put("mail.transport.protocol", "smtps");
propsSSL.put("mail.smtps.host", "hostname");
propsSSL.put("mail.smtps.auth", "true");
propsSSL.put("mail.smtps.ssl.checkserveridentity", "false");
propsSSL.put("mail.smtps.ssl.trust", "*");
Above changes will fix javax.mail.MessagingException: Could not connect to SMTP host: hostname, port: 465; for the nested exception
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
exception
If you are using javamail 1.4.2+, there is a socket factory you can use to ignore server certificate.
MailSSLSocketFactory socketFactory= new MailSSLSocketFactory();
socketFactory.setTrustAllHosts(true);
prop.put("mail.imap.ssl.socketFactory", socketFactory);
I think @Bruno is correct to admonish you not to blindly trust all servers with the hack setTrustAllHosts(true)
In the docs at Oracle they show how to add your dev mail host to the trusted list without forcing your app to insecurely trust the whole world:
MailSSLSocketFactory sf = new MailSSLSocketFactory();
sf.setTrustedHosts(new String[] { "my-server" });
props.put("mail.smtp.ssl.enable", "true");
// also use following for additional safety
props.put("mail.smtp.ssl.checkserveridentity", "true");
props.put("mail.smtp.ssl.socketFactory", sf);
I was the same issue, using
MailSSLSocketFactory socketFactory= new MailSSLSocketFactory();
socketFactory.setTrustAllHosts(true);
prop.put("mail.pop3s.ssl.socketFactory", socketFactory);
com.sun.mail.util.MailSSLSocketFactory
it's works!!
Properties pr = new Properties();
MailSSLSocketFactory socketFactory= new MailSSLSocketFactory();
socketFactory.setTrustAllHosts(true);
pr.put("mail.pop3s.ssl.socketFactory", socketFactory);
Session ses = Session.getInstance(pr);
ses.setDebug(true);
URLName url = new URLName("pop3s://username:password@host:posrt");
Store store = ses.getStore(url.getProtocol());
store.connect(url.getHost(), url.getPort(), url.getUsername(), url.getPassword());
Folder inbox = store.getFolder("INBOX");
inbox.open(Folder.READ_ONLY);
try {
int i = inbox.getMessageCount();
com.sun.mail.pop3.POP3Message mes;
while (i > 0) {
mes = (com.sun.mail.pop3.POP3Message) inbox.getMessage(i);
System.out.println(mes.getContentID());
i--;
}
} finally {
inbox.close(false);
store.close();
}
DEBUG: setDebug: JavaMail version 1.4.5
Exchange server 2010
PlainTextLogin
http://technet.microsoft.com/ru-ru/library/bb124498(v=exchg.141).aspx
If It is the problem persisted in Java 6 then the solution is simple.It is just simple as Java 7 was released.Install java 7 in machine.java 7 have the certificates file having the capability of ignoring certificate authentication.
copy the "cacerts" file from following java 7 directory
C:\Program Files\Java\jdk1.7.0_79\jre\lib\security
and paste it in
C:\Program Files\Java\jdk1.6.0\jre\lib\security
now the certificate authentication problem will be resolved.
This will help you bypass certificate process and get directly to ssl host
MailSSLSocketFactory sf = null;
try
{
sf = new MailSSLSocketFactory();
}
catch (GeneralSecurityException e)
{
e.printStackTrace();
}
sf.setTrustAllHosts(true);
Properties pop3Props = new Properties();
pop3Props.setProperty("mail.pop3.ssl.enable", "true");
pop3Props.setProperty("mail.protocol.ssl.trust", "pop3.live.com");
pop3Props.put("mail.pop3s.ssl.socketFactory", sf);
pop3Props.setProperty("mail.pop3s.port", "995");
Session session = Session.getInstance(pop3Props);
try
{
/* Get a Store object*/
Store store = session.getStore("pop3s");
//process further activity
}
I was the same issue.
MailSSLSocketFactory socketFactory = new MailSSLSocketFactory(); socketFactory.setTrustedHosts(new String[] { "my-server"});
socketFactory.setTrustAllHosts(true); props.put("mail.smtps.socketFactory", socketFactory);
it's works!!
加载中,请稍侯......
精彩评论