Expand my Community achievements bar.

Radically easy to access on brand approved content for distribution and omnichannel performant delivery. AEM Assets Content Hub and Dynamic Media with OpenAPI capabilities is now GA.

AEMaaCS - Unable to send mails trough external SMTP with SSL

Avatar

Level 2

I have an issue when sending out mails in AEM trough an external SMTP with SSL on AEMaaCS. On my local development environment, the mails are sent without any issues.

 

The error on AEMaaCS

Caused by: org.apache.commons.mail.EmailException: Sending the email to the following server failed : proxy.tunnel:30465
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

Configuration: AdvancedNetworking on the correct instance (program and environment)

"portForwards": [
                    {
                        "name": "mail.something.com",
                        "portDest": 465,
                        "portOrig": 30465
                    },
                    {
                        "name": "mail.something.com",
                        "portDest": 25,
                        "portOrig": 30025
                    }
                ],
                "advancedNetworkingEnabled": true

 

Configuration: com.day.cq.mailer.DefaultMailService.cfg.json

{
  "smtp.host": "$[env:AEM_PROXY_HOST;default=proxy.tunnel]",
  "smtp.port": "30465",
  "smtp.user": "$[env:EMAIL_USERNAME]",
  "smtp.password": "$[secret:EMAIL_PASSWORD]",
  "from.address": "no-reply@something.com",
  "smtp.ssl": true,
  "smtp.starttls": false,
  "smtp.requiretls": false,
  "debug.email": false,
  "oauth.flow": false
}

 

I also tried to upload the certificate to the authors truststore (the mails are only sent on author)

Screenshot 2023-08-30 at 13.33.15.png

 

 

 

 

 

 

Does anybody know how to fix this issue? Thx in advance!

5 Replies

Avatar

Community Advisor

Hi @TrisM_ch 

 

The error you're encountering ("unable to find valid certification path to requested target") indicates that the SSL/TLS handshake process is failing because the server certificate presented by the SMTP server cannot be validated using the certificate authorities trusted by your AEM instance. This commonly occurs when the server certificate is self-signed or issued by an untrusted certificate authority.

To fix this issue, you need to make sure that the server certificate used by the SMTP server is trusted by your AEM instance.

Avatar

Level 2

Thx for the reply. How do I know if a server certificate is trusted by the AEM instance? Can I test that somehow? So the guys who are running the SMTP server have to change their certificate? If yes, to which one?

 

It seems that they are using a Let's Encrypt certificate:

 

Common name: R3
Organization: Let's Encrypt
Location: US
Valid from September 3, 2020 to September 15, 2025
Signature Algorithm: sha256WithRSAEncryption
Issuer: ISRG Root X1

 

 

Avatar

Administrator

@TrisM_ch  If you have found out solution yourself, please share it with the community.



Kautuk Sahni

Avatar

Level 2

Unfortunatly I did not find any solution yet. I opened a support ticket at adobe.

Avatar

Administrator

Please keep this community posted with whatever reply/solution you get from there. This would help the community in the posterity. 



Kautuk Sahni