If one or more of the applications and/or mail server is using SSL, you might come across the following error when trying to connect to that server:

javax.net.ssl.SSLHandshakeException:
 sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:441) at javax.mail.Service.connect(Service.java:233) at javax.mail.Service.connect(Service.java:134)

If this happens, make sure that the public key of the server is imported into the application server's keystore. Following are the steps:

  1. Obtain the server's public key: The public/private key pair will live somewhere on the server. If you have open SSL installed locally, the key can be retrieved with a command like:

    openssl s_client -connect jira.atlassian.com:https >file
  2. Cut and paste the certificate (including BEGIN and END lines) into a local file (eg. Jira.pem).
  3. Import the public key: To do this, you need to use the keytool program that comes with the Java platform used to run Tomcat & ConnectALL core service. For example:
    keytool -import-alias jira.atlassian.com -keystore $JAVA_HOME/jre/lib/security/cacerts -file Jira.pem
    The default password for the keystore is usually changeit or changeme.
  4. Restart ConnectALL and the Tomcat service.

Export SSL Certificate

Alternatively, you can open your application(Jira, ALM etc.) URL on your browser and export the SSL certificate using browser's export certificate wizard.

SSL import using ConnectALL GUI

You can import SSL certificates from the ConnectALL UI itself. The SSL Import wizard will help you to import certificates into the Java keystore. It automatically detects the JRE keystore used by Tomcat. 

If ConnectALL core service is running on a different JRE than Tomcat, you can click the Edit checkbox to change the keystore path of JRE used by ConnectALL core service.

This error is due to the limitation in JDK. To resolve, follow the steps below: 

  1. Download Bouncy Castle jars: 
    1. bcprov-jdk15on-152.jar

    2. bcprov-ext-jdk15on-152.jar

  2. Copy these jars to JAVA_HOME/jre/lib/ext
  3. Add the following line into JAVA_HOME/jre/lib/security/java.security file,

    security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
    CODE

Note: You need to rearrange the order of other security providers and keep BouncyCastleProvider in position 1.