SMTP over TLS: Could not convert socket to TLS

SMTP over TLS: Could not convert socket to TLS

Hi, 

I just upgraded our instance to 7117 and am getting this error after the upgrade. We use a SSL cert generated from an internal CA so I verified that our signing CA certificate can still be found in \jre\lib\security\cacerts. And it is there, as expected, as reported by the keytool command when I list the certificates included. However, I am still unable to send email over SMTP using TLS. 

At the UI, I get the error: Could not convert socket to TLS

Looking over some of the log files in the app directory, I found this more verbose error: 

[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: javax.mail.MessagingException: Could not convert socket to TLS;
  nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: KeyUsage does not allow digital signatures|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1880)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:648)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at javax.mail.Service.connect(Service.java:317)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at javax.mail.Service.connect(Service.java:176)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at javax.mail.Service.connect(Service.java:125)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at javax.mail.Transport.send0(Transport.java:194)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at javax.mail.Transport.send(Transport.java:124)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.adventnet.sym.adsm.common.server.mail.SendMailAPI.sendMail(SendMailAPI.java:885)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.adventnet.sym.adsm.security.webclient.ChangePasswordAction.sentTestMail(ChangePasswordAction.java:1684)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.reflect.GeneratedMethodAccessor109.invoke(Unknown Source)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at java.lang.reflect.Method.invoke(Method.java:498)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.adventnet.sym.adsm.common.webclient.ADSMServletAPIController.execute(ADSMServletAPIController.java:98)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.adventnet.sym.adsm.common.webclient.ADSMServletAPIAction.processRequest(ADSMServletAPIAction.java:37)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.adventnet.sym.adsm.common.webclient.ADSMServletAPIAction.doPost(ADSMServletAPIAction.java:27)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.manageengine.ads.fw.filter.ADSFilter.doFilter(ADSFilter.java:76)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.adventnet.sym.adsm.common.server.metrack.METrackerFilter.doFilter(METrackerFilter.java:61)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.adventnet.sym.common.filter.RequestWhitelistingFilter.doFilter(RequestWhitelistingFilter.java:33)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.adventnet.sym.common.filter.EncodingFilter.doFilter(EncodingFilter.java:92)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.adventnet.iam.security.SecurityFilter.doFilter(SecurityFilter.java:410)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.adventnet.filters.ParamWrapperFilter.doFilter(ParamWrapperFilter.java:80)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.adventnet.authentication.filter.AssociateCredential.doFilter(AssociateCredential.java:121)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.adventnet.sym.adsm.common.server.filter.ADMPCustomFilter.doFilter(ADMPCustomFilter.java:72)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:688)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.adventnet.sym.adsm.common.server.admin.authentication.SSOSessionParams.invoke(SSOSessionParams.java:42)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:291)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)|
[22:07:27:946]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at java.lang.Thread.run(Thread.java:748)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: KeyUsage does not allow digital signatures|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.sun.mail.util.SocketFetcher.configureSSLSocket(SocketFetcher.java:507)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.sun.mail.util.SocketFetcher.startTLS(SocketFetcher.java:447)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at com.sun.mail.smtp.SMTPTransport.startTLS(SMTPTransport.java:1875)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: ... 64 more|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: Caused by: sun.security.validator.ValidatorException: KeyUsage does not allow digital signatures|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.validator.EndEntityChecker.checkTLSServer(EndEntityChecker.java:270)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.validator.EndEntityChecker.check(EndEntityChecker.java:141)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.validator.Validator.validate(Validator.java:264)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)|
[22:07:27:947]|[10-27-2021]|[SYSERR]|[INFO]|[396]: ... 74 more|
[22:07:27:947]|[10-27-2021]|[SYSOUT]|[INFO]|[396]: The Error occurs in the SendFailedException.|
[22:07:27:947]|[10-27-2021]|[SYSOUT]|[INFO]|[396]: The exception is :Could not convert socket to TLS|

Am I missing anything? 

Regards, 

Sebastien