JavaMail配置SSL服务器及安装证书

客户给的邮件服务器要SSL，使用Spring的JavaMailSenderImpl，Spring配置如下

 

<bean id="javaMailSender" class="org.springframework.mail.javamail.JavaMailSenderImpl">
	<property name="host" value="${mail.smtp.host}" />
	<property name="username" value="${mail.smtp.username}" />
	<property name="password" value="${mail.smtp.password}" />
	<property name="port" value="${mail.smtp.port}" />
	<property name="javaMailProperties">
		<props>
			<prop key="mail.smtp.timeout">${mail.smtp.timeout}</prop>
			<prop key="mail.smtp.auth">${mail.smtp.auth}</prop>
		 	<prop key="mail.smtp.starttls.enable">${mail.smtp.starttls.enable}</prop>
			<prop key="mail.smtp.socketFactory.port">${mail.smtp.port}</prop>
			<prop key="mail.smtp.socketFactory.class">javax.net.ssl.SSLSocketFactory</prop>
			<prop key="mail.smtp.socketFactory.fallback">false</prop>
		</props>
	</property>
</bean>

 

mail.properties内容如下

 

mail.smtp.host=smtp.xyz.com
mail.smtp.port=465
mail.smtp.username=alerts+abc.net
mail.smtp.password=12345678
mail.smtp.auth=true
mail.smtp.starttls.enable=true
mail.smtp.timeout=50000
mail.from=alerts@abc.net
mail.replyTo=alerts@abc.net

 

发送邮件时得到异常如下

 

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at org.springframework.mail.javamail.JavaMailSenderImpl.doSend(JavaMailSenderImpl.java:419)
    at org.springframework.mail.javamail.JavaMailSenderImpl.send(JavaMailSenderImpl.java:342)
Caused by: javax.mail.MessagingException: Exception reading response;
  nested exception is:
    javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:1462)
    at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1260)
    ... 4 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
    ... 8 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    ... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
    ... 26 more

 

Google一下，需要保存安装证书

 

官方的QA http://java.sun.com/products/javamail/FAQ.html#installcert

 

Q: When connecting to my mail server over SSL I get an exception like "unable to find valid certification path to requested target".
A: Your server is probably using a test certificate or self-signed certificate instead of a certificate signed by a commercial Certificate Authority. You'll need to install the server's certificate into your trust store. The InstallCert program will help.

 

在这里 http://blogs.sun.com/andreas/entry/no_more_unable_to_find 有解决方案

 

用 http://blogs.sun.com/andreas/resource/InstallCert.java 的代码来安装证书

 

运行 java InstallCert smtp.xyz.com:465
得到jssecacerts文件后复制到jdk1.6.0_14\jre\lib\security目录

 

然后再发送邮件就OK了

 

附件是 InstallCert.java

评论

3 楼 liangwangzhe 2014-11-19  

1楼人才，鉴定完毕！

2 楼 rockyzheng 2013-07-18  

1 楼的，服了你了。

1 楼 xiaokang1582830 2012-05-04  

InstallCert.java运行直接Usage: java InstallCert <host>[:port] [passphrase],public static void main(String[] args) throws Exception {
String host;
int port;
char[] passphrase;
if ((args.length == 1) || (args.length == 2)) {
    String[] c = args[0].split(":");
    host = c[0];
    port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
    String p = (args.length == 1) ? "changeit" : args[1];
    passphrase = p.toCharArray();
} else {
    System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
    return;
}这代码有问题args为空不可能进行第一步