Watcher - Email Sending Failure - SSLHandshakeException

Hi,

I am trying to send an email using Watcher, but I am getting the following error:

[2015-06-11 14:49:04,837][ERROR][watcher.actions.email    ] [PVR-MASTER] failed to execute action [enabler_component_watch/email_administrator]
org.elasticsearch.watcher.actions.email.service.EmailException: failed to send email with subject [Encountered 0 components] via account [exchange]
        at org.elasticsearch.watcher.actions.email.service.InternalEmailService.send(InternalEmailService.java:86)
        at org.elasticsearch.watcher.actions.email.service.InternalEmailService.send(InternalEmailService.java:78)
        at org.elasticsearch.watcher.actions.email.ExecutableEmailAction.execute(ExecutableEmailAction.java:64)
        at org.elasticsearch.watcher.actions.ActionWrapper.execute(ActionWrapper.java:100)
        at org.elasticsearch.watcher.execution.ExecutionService.executeInner(ExecutionService.java:340)
        at org.elasticsearch.watcher.execution.ExecutionService$WatchExecutionTask.run(ExecutionService.java:392)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1880)
        at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:648)
        at javax.mail.Service.connect(Service.java:295)
        at org.elasticsearch.watcher.actions.email.service.Account.send(Account.java:99)
        at org.elasticsearch.watcher.actions.email.service.InternalEmailService.send(InternalEmailService.java:84)
        ... 8 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1439)
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:878)
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:814)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
        at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:507)
        at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:447)
        at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1875)
        ... 12 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
        at sun.security.validator.Validator.validate(Validator.java:260)
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1421)
        ... 22 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
        ... 28 more

Request you to suggest what could be the issue.

Thanks.

Hi Vilas,

It looks like your Exchange server uses an unknown certificate (maybe self-signed or signed by a non-commercial CA?).

In the release we don't enable customizing the keystore/truststore, though this is definitely on our roadmap.

For now, try adding the following line under the smtp setting in your exchange email account settings:

ssl.trust: <host> 

where <host> is your Exchange host (or * to trust any host)
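
The setting suggested in the reply above, placed in context (an added example, not part of the original post or Watcher's documentation). It assumes the Watcher 1.x email account layout in elasticsearch.yml and that `ssl.trust` is passed through to JavaMail's `mail.smtp.ssl.trust`; the account name `exchange` comes from the error log, while the host, port, user and password are placeholders.

```yaml
# elasticsearch.yml (constructed example; host, port and credentials are placeholders)
watcher.actions.email.service.account:
  exchange:                          # account name as it appears in the error log
    profile: outlook
    smtp:
      auth: true
      starttls.enable: true
      host: mail.example.internal    # placeholder for the Exchange host
      port: 587
      user: watcher@example.internal
      password: <password>
      # Accept the certificate presented by this one host without PKIX path
      # validation. Chain checks stay in force for every other host.
      ssl.trust: mail.example.internal
      # ssl.trust: "*"   # accepts any server's certificate; removes the
      #                  # protection STARTTLS gives against interception
```

Naming the single host keeps the exception narrow; the certificate itself is still not verified for that host, so the setting is a stopgap until the server presents a chain the JVM trusts.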

Thanks @uboness.
For some reason the issue got resolved on its own after a couple of restarts of Elasticsearch.
But your suggestion is good. I will try it if I run into that again.