NetOps Portal emails fail to be sent due to errors in the DMService.log
Article ID: 256826
Updated On:
Products
Issue/Introduction
Emails are no longer being received from DX NetOps Performance Management Portal web server.
Report emails fail to be sent due to errors in the DMService.log.
The following error is seen in the (default path) /opt/CA/PerformanceCenter/DM/logs/DMService.log file.
ERROR | EmailJobTaskThreadPool-Thread-121 | 2022-12-27 09:21:42,226 | com.ca.im.portal.dm.scheduling.email.EmailJobTask
| Error sending e-mail: Mail server connection failed; nested exception is javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed. Failed messages: javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
org.springframework.mail.MailSendException: Mail server connection failed; nested exception is javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed. Failed messages: javax.mail.MessagingException: Can't send command to SMTP host;
nested exception is:
javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
...
Caused by: javax.mail.MessagingException: Can't send command to SMTP host
...
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
...
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
...
Caused by: java.security.cert.CertPathValidatorException: signature check failed
...
Caused by: java.security.SignatureException: Signature does not match.
Environment
All supported Network Observability DX NetOps Performance Management Portal web server releases
Cause
The current email server SSL certificate imported expired or does not exist.
This can be seen when a new email server is added to a load-balanced email server group.
Resolution
Obtain the new SSL certificate and follow the documented steps to import the updated certificate(s).
The steps are found in the Configure the Email Server documentation topic, in the Configure the Email Server as a Trusted Connection section.
Additional Information
- How to view expiration date for email server SSL certificate.
- Command 4 at the bottom of the Configure the Email Server documentation topic shows how to list certs currently imported.
- Use the output to identify the alias for the expired email server certificate.
- Use this command to list the details for the specific alias used for the email server SSL certificate.
- Default path shown. Change as needed.
- Replace <alias> with alias name.
- Command:
- /opt/CA/jre/bin/keytool -list -v -alias <alias> -keystore /opt/CA/jre/lib/security/cacerts
- Command 4 at the bottom of the Configure the Email Server documentation topic shows how to list certs currently imported.
- How to remove an expired imported certificate?
- Default paths shown. Change as needed.
- Replace <aliasToRemove> with alias identified above.
- Command:
- /opt/CA/jre/bin/keytool -delete -alias <aliasToRemove> -keystore /opt/CA/jre/lib/security/cacerts
- Ensure the alias to be removed is the correct one with an expired end date.
Feedback
