ConsumeIMAP certificates issue

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

ConsumeIMAP certificates issue

Luis Carmona
Hi guys,

I have a project that needs to receive the mails flow from an Imap
server.

If I try to read from port 993, get the error:

sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

If I try to read from port 143, get the error:

Unrecognized SSL message, plaintext connection



As my mail server accepts only secure login, I presume it is claiming
about the corresponding certificate.

The question is how to configure from where it has to read the
certificate ?


Thanks in advance.

Regards,

LC




Reply | Threaded
Open this post in threaded view
|

Re: ConsumeIMAP certificates issue

Andy LoPresto
Since the ConsumeIMAP processor does not expose an SSLContextService controller service to allow you to configure a custom truststore, it looks like the certificate verification is done internally in the underlying Spring library. I would try adding the public certificate of the IMAP server to the following truststores, one at a time, in this order: 

1. JRE cacerts (copy the actual cacerts and ensure you have a backup before you start modifying it)
2. The NiFi truststore configured in nifi.properties
 
Andy LoPresto
[hidden email]
[hidden email]
He/Him
PGP Fingerprint: 70EC B3E5 98A6 5A3F D3C4  BACE 3C6E F65B 2F7D EF69

On May 5, 2020, at 8:42 PM, Luis Carmona <[hidden email]> wrote:

Hi guys,

I have a project that needs to receive the mails flow from an Imap
server.

If I try to read from port 993, get the error:

sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target

If I try to read from port 143, get the error:

Unrecognized SSL message, plaintext connection



As my mail server accepts only secure login, I presume it is claiming
about the corresponding certificate.

The question is how to configure from where it has to read the
certificate ?


Thanks in advance.

Regards,

LC