Mail fetching failed - PKIX path building failed.

Mail fetching failed - PKIX path building failed.

Cause:


If the SSL Certificate in mail server is a self signed certificate then it is not imported in the ServiceDeskPlus-MSP java environment while using the POPS/IMAPS protocol.

Error Trace in logs:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target|

Solution:

Kindly note that the below process requires a service restart, hence plan it accordingly.

1. Download the file for windows from the attached.

2. Extract the folder that you downloaded from the link.

a. Place the gencert.bat file under  C:\ManageEngine\Service DeskPlus-MSP.

b. 
Place the cert.jar file under  C:\ManageEngine\Service DeskPlus-MSP\lib.

3. Run the Extracted batch file from the command prompt using the syntax given below.

syntax:- gencert.bat (hostname):(port)

Hostname and port number can be found from Admin->Mail Server Settings (Incoming or outgoing, whichever you have issue with).

eg:-
C:\ManageEngine\Service DeskPlus-MSP> gencert.bat outlook.office365.com:995

4. You will receive an exception PKIX, provide value 1. On supplying the value 1, a file called jssecacerts is generated in the C:\ManageEngine\Service DeskPlus-MSP Directory.

5. Copy the jssecacerts file under C:\ManageEngine\Service DeskPlus-MSP\ jre\lib\security folder. If you have a existing file, please take a copy before replacing. 

6. Restart the ServiceDeskPlus-MSP application.

7. Fill in the values under Mail Server Settings. Start fetching mails to check the functionality.


Note: 

1. If you have issues with both mail fetching and sending, it is enough, if you apply these steps for either of the incoming or outgoing hostname/port.

2. Linux users, please use the appropriate file (Lincertgeneraton.zip) attached.

                  New to ADSelfService Plus?

                    • Related Articles

                    • Zoho Reports sync failure_PKIX path building failed

                      While syncing Zoho Reports, this error may appear where the self-signed certificate to sync both Zoho Reports and SDP MSP will be missing. These traces (mentioned below) can be viewed in the file zrmeinteglog0.txt under the location ...
                    • Analytics - SupportCenter Plus integration PKIX path building failed (for SCP 11.0)

                      While syncing Analytics Reports, this error may appear where the self-signed certificate to sync both Analytics Reports and SCP will be missing. These traces (mentioned below) can be viewed in the file zrmeinteglog0.txt under the location ...
                    • List of mail fetching issues and solutions

                      Scenario 1 : Mail fetching issue due to Invalid or No PKIX certificate .   Log traces for Mail Fetching  issues Exception when connecting to store.|javax.mail.MessagingException: sun.security.validator.ValidatorException: PKIX path building failed: ...
                    • Mail sending failed_Unable to relay

                      Error trace in logs: javax.mail.SendFailedException: Invalid Addresses;nested exception is: com.sun.mail.smtp.SMTPAddressFailedException: 550 5.7.1 Unable to relay Possible Cause: The SMTP server does not allow relaying unless you are sending email ...
                    • Mail fetching - deleted flag issue

                      This message will be thrown, when you have provided a shared mailbox. The concept here is, SDP MSP reads the mail from the configured mailbox and adds it as a request. During the time, if some other application fetches the mail from the same mailbox ...