search cancel

NetOps Portal emails fail to be sent due to errors in the DMService.log

book

Article ID: 256826

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

Emails are no longer being received from DX NetOps Performance Management Portal web server.

Report emails fail to be sent due to errors in the DMService.log.

The following error is seen in the (default path) /opt/CA/PerformanceCenter/DM/logs/DMService.log file.

ERROR | EmailJobTaskThreadPool-Thread-121 | 2022-12-27 09:21:42,226 | com.ca.im.portal.dm.scheduling.email.EmailJobTask                
      | Error sending e-mail: Mail server connection failed; nested exception is javax.mail.MessagingException: Can't send command to SMTP host;
  nested exception is:
    javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed. Failed messages: javax.mail.MessagingException: Can't send command to SMTP host;
  nested exception is:
    javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
org.springframework.mail.MailSendException: Mail server connection failed; nested exception is javax.mail.MessagingException: Can't send command to SMTP host;
  nested exception is:
    javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed. Failed messages: javax.mail.MessagingException: Can't send command to SMTP host;
  nested exception is:
    javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    ...
Caused by: javax.mail.MessagingException: Can't send command to SMTP host
    ...
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.ssl.Alert.createSSLException(Unknown Source) ~[?:?]
    at sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:?]
    at sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:?]
    at sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:?]
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source) ~[?:?]
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source) ~[?:?]
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source) ~[?:?]
    ...
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.validator.PKIXValidator.doValidate(Unknown Source) ~[?:?]
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) ~[?:?]
    at sun.security.validator.Validator.validate(Unknown Source) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ~[?:?]
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(Unknown Source) ~[?:?]
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(Unknown Source) ~[?:?]
    at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(Unknown Source) ~[?:?]
    ...
Caused by: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source) ~[?:?]
    at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source) ~[?:?]
    at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source) ~[?:?]
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source) ~[?:?]
    ...
Caused by: java.security.SignatureException: Signature does not match.
    at sun.security.x509.X509CertImpl.verify(Unknown Source) ~[?:?]
    at sun.security.provider.certpath.BasicChecker.verifySignature(Unknown Source) ~[?:?]
    ...

Environment

All supported DX NetOps Performance Management Portal web server releases

Cause

Current email server SSL certificate imported expired.

Resolution

Obtain the new SSL certificate and follow the documented steps to import the updated certificate(s). The steps are found in the Configure the Email Server documentation topic, in the Configure the Email Server as a Trusted Connection section.

Additional Information

  • How to view expiration date for email server SSL certificate.
    • Command 4 at the bottom of the Configure the Email Server documentation topic shows how to list certs currently imported.
      1. Use the output to identify the alias for the expired email server certificate.
    • Use this command to list the details for the specific alias used for the email server SSL certificate.
      • Default path shown. Change as needed.
      • Replace <alias> with alias name.
      • Command:
        1. /opt/CA/jre/bin/keytool -list -v -alias <alias> -keystore /opt/CA/jre/lib/security/cacerts
  • How to remove an expired imported certificate?
    • Default paths shown. Change as needed.
    • Replace <aliasToRemove> with alias identified above.
    • Command:
      • /opt/CA/jre/bin/keytool -delete -alias <aliasToRemove> -keystore /opt/CA/jre/lib/security/cacerts
    • Ensure the alias to be removed is the correct one with an expired end date.