Adobe Experience Manager Sites & More

TrisM_ch · 8/30/23

I have an issue when sending out mails in AEM trough an external SMTP with SSL on AEMaaCS. On my local development environment, the mails are sent without any issues.

The error on AEMaaCS

Caused by: org.apache.commons.mail.EmailException: Sending the email to the following server failed : proxy.tunnel:30465
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Configuration: AdvancedNetworking on the correct instance (program and environment)

"portForwards": [
                    {
                        "name": "mail.something.com",
                        "portDest": 465,
                        "portOrig": 30465
                    },
                    {
                        "name": "mail.something.com",
                        "portDest": 25,
                        "portOrig": 30025
                    }
                ],
                "advancedNetworkingEnabled": true

Configuration: com.day.cq.mailer.DefaultMailService.cfg.json

{
  "smtp.host": "$[env:AEM_PROXY_HOST;default=proxy.tunnel]",
  "smtp.port": "30465",
  "smtp.user": "$[env:EMAIL_USERNAME]",
  "smtp.password": "$[secret:EMAIL_PASSWORD]",
  "from.address": "no-reply@something.com",
  "smtp.ssl": true,
  "smtp.starttls": false,
  "smtp.requiretls": false,
  "debug.email": false,
  "oauth.flow": false
}

I also tried to upload the certificate to the authors truststore (the mails are only sent on author)

Does anybody know how to fix this issue? Thx in advance!

ksh_ingole7 · 8/30/23

Hi @TrisM_ch

The error you're encountering ("unable to find valid certification path to requested target") indicates that the SSL/TLS handshake process is failing because the server certificate presented by the SMTP server cannot be validated using the certificate authorities trusted by your AEM instance. This commonly occurs when the server certificate is self-signed or issued by an untrusted certificate authority.

To fix this issue, you need to make sure that the server certificate used by the SMTP server is trusted by your AEM instance.

TrisM_ch · 8/30/23

Thx for the reply. How do I know if a server certificate is trusted by the AEM instance? Can I test that somehow? So the guys who are running the SMTP server have to change their certificate? If yes, to which one?

It seems that they are using a Let's Encrypt certificate:

Common name: R3
Organization: Let's Encrypt
Location: US
Valid from September 3, 2020 to September 15, 2025
Signature Algorithm: sha256WithRSAEncryption
Issuer: ISRG Root X1

kautuk_sahni · 9/18/23

@TrisM_ch If you have found out solution yourself, please share it with the community.

Kautuk Sahni

TrisM_ch · 9/18/23

Unfortunatly I did not find any solution yet. I opened a support ticket at adobe.

kautuk_sahni · 9/18/23

Please keep this community posted with whatever reply/solution you get from there. This would help the community in the posterity.

Adobe Experience Manager Sites & More

AEMaaCS - Unable to send mails trough external SMTP with SSL

Kautuk Sahni

Kautuk Sahni

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe