Troubleshooting
Problem
This page describes the steps to take to make TRIRIGA 3.4.0 or 3.4.1.x, running over WebSphere Application Server 8.5.5.x, use Google Mail for incoming mail.
Symptom
Below are some of the types of errors that may appear in the TRIRIGA server.log if the configuration for retrieving incoming email from Google Mail is incorrect.
Case where IMAPS is not configured within TRIRIGA:
2015-05-18 15:16:14,756 WARN [com.tririga.platform.error.ErrorHandler] (IncomingMailAgent) IncomingMailAgent - FAILED TO READ MAIL MESSAGES. javax.mail.MessagingException: Connection timed out: connect; nested exception is:
[...]
Case where cacerts is configured to handle the keystore on the local server, but 'mail.imaps.ssl.key' is not set:
2015-06-15 19:56:55,647 ERROR [com.tririga.platform.error.ErrorHandler](IncomingMailAgent) Could not load SSL Keystore []: mail.imaps.ssl.key property not set.[MID-1049939754]
2015-06-15 19:56:56,462 WARN [com.tririga.platform.error.ErrorHandler](IncomingMailAgent) IncomingMailAgent - FAILED TO READ MAIL MESSAGES. javax.mail.MessagingException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error;
nested exception is:
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by OU=Equifax Secure Certificate Authority, O=Equifax, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error[MID-4175445243]
Case where cacerts is configured to handle the keystore on the local server but the 'mail.imaps.ssl.key' path to the 'cacerts' directory contains a space:
2015-06-15 19:46:30,431 WARN [com.tririga.platform.error.ErrorHandler](IncomingMailAgent) IncomingMailAgent - FAILED TO READ MAIL MESSAGES. javax.mail.MessagingException: SSLSocketFactory is null. This can occur if javax.net.ssl.SSLSocketFactory.getDefault() is called to create a socket and javax.net.ssl.* properties are not set.;
nested exception is:
javax.net.ssl.SSLException: SSLSocketFactory is null. This can occur if javax.net.ssl.SSLSocketFactory.getDefault() is called to create a socket and javax.net.ssl.* properties are not set.[MID-823768220]
Case where keystore is set through WebSphere 8.5.5.x but Google Mail is not configured to allow less secure apps:
2015-06-18 15:21:01,000 ERROR [com.tririga.platform.error.ErrorHandler](IncomingMailAgent) Could not load SSL Keystore []: mail.imaps.ssl.key property not set.[MID-1049939754]
2015-06-18 15:21:04,499 WARN [com.tririga.platform.error.ErrorHandler](IncomingMailAgent) IncomingMailAgent - FAILED TO READ MAIL MESSAGES. javax.mail.AuthenticationFailedException: [ALERT] Please log in via your web browser: h t t p s://support.google.com/mail/accounts/answer/78754 (Failure)[MID-1132378144]
Cause
TRIRIGA 3.4.0/3.4.1.x, WebSphere 8.5.5.x, or Google Mail Server has not been configured in such a way that TRIRIGA is able to retrieve incoming emails from Google Mail.
Environment
TRIRIGA 3.4.0 or TRIRIGA 3.4.1.x
WebSphere 8.5.5.x
Windows
Diagnosing The Problem
- Verify that your Google Mail Server is set up correctly
- Using a web browser navigate log in to your Google email account
- Follow Google help pages' instructions for verifying that your Google Mail account is configured to use IMAP. At the time of writing this article, https://support.google.com/mail/troubleshooter/1668960#ts=1665018 contains this information. Note that this URL is not an IBM URL, it is subject to change, and IBM is not responsible for the content made available by following this link. Here are the basics, at this time, for configuring Google Mail to use IMAP:
- Click the 'Settings' icon
- Click 'Settings' again
- Click 'Forwarding and POP/IMAP'
- Verify that 'Enable IMAP' is clicked
- Follow Google help pages' instructions for verifying your Google Mail account's IMAP settings for mail server, port, and SSL. At the time of writing this article, https://support.google.com/mail/troubleshooter/1668960#ts=1665018,1665144 contains this information. Note that this URL is not an IBM URL, it is subject to change, and IBM is not responsible for the content made available by following this link. Here are the basics, at this time, for verifying what mail server, port, and SSL settings are required for an email client using IMAP to connect to Google Mail:
- Clicking the 'Settings' icon
- Clicking 'Settings' again
- Click 'Forwarding and POP/IMAP'
- Click 'Configuration instructions'
- Click 'I want to configure IMAP'
- Click 'Other'
- Note what mail server is listed. For example, 'imap.gmail.com' may be listed.
- Note what port is listed. For example, port 993 may be listed.
- Confirm that 'Requires SSL' is set to 'Yes'
- Follow Google help pages' instructions for configuring your Google Mail account to allow connections from less secure applications. At the time of writing this article, https://support.google.com/accounts/answer/6010255?hl=en contains this information. Note that this URL is not an IBM URL, it is subject to change, and IBM is not responsible for the content made available by following this link. Here are the basics, at this time, for enabling Google Mail to allow connections from less secure applications:
- Click the drop-down list next to your login name
- Click 'My Account'
- Click 'Sign-in & security'
- Set 'Allow less secure apps' to 'ON'
- Navigate within TRIRIGA to [Home] => Tools => 'System Setup' => System => 'Incoming Mail Config' and verify you have an Incoming Mail Configuration record for your Google email account containing the following details:
- MailServerType set to 'imaps'
- Username is set to the username you used in step 1A when logging in to your Google email account
- Password set the password you used in step 1A when logging in to your Google email account
- Host is set to the mail server shown in step 1C above
- Confirm that the following requirements of your 'TRIRIGAWEB.properties' file are met:
- The 'mail.imaps.ssl.port' property has the same port listed as appears in step 1C above
- The 'mail.imaps.ssl.key' property has no value set
- Neither line contains any trailing spaces
Resolving The Problem
- Log into your WebSphere 8.5.5.x Administrative Console
- Expand 'Security' and click 'SSL certificate and key management'
- Under 'Configuration settings,' click 'Manage endpoint security configurations'
- Click the appropriate 'Outbound' node for the cell and node management scope you are using
- Under 'Related Items,' click 'Key stores and certificates'
- Make sure 'SSL keystores is listed under 'Keystore usages' and click 'NodeDefaultTrustStore'
- Under 'Additional Properties,' click 'Signer certificates'
- Click 'Retrieve from port'
- Specify the following information:
- Specify the mail server listed in step 1C of 'Diagnosing The Problem' in the 'Host' field
- Specify the port listed in step 1C of 'Diagnosing The Problem' in the 'Port' field
- Specify a unique identifying name, such as 'gmail_imaps,' in the 'Alias' field
- Click 'Retrieve Signer Information'
- Verify that the certificate information is for a certificate that you can trust
- Click 'Apply'
- Click 'Save'
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21960392